Lorenzo Cavallaro (King's College London, Department of Informatics)

"Intriguing Properties of Adversarial ML Attacks in the Problem Space"

Copyright: Lorenzo Cavallaro

Abstract. Recent research efforts on adversarial ML have investigated problem-space attacks, focusing on the generation of real evasive objects in domains where, unlike images, there is no clear inverse mapping to the feature space (e.g., software). However, the design, comparison, and real-world implications of problem-space attacks remain underexplored. In this talk, I will present two major contributions from our recent IEEE S&P 2020 paper [1]. First, I will present our novel reformulation of adversarial ML evasion attacks in the problem-space (also known as realizable attacks). This requires considering and reasoning about additional constraints that feature-space attacks ignore, which sheds light on the relationship between feature-space and problem-space attacks. Second, building on our reformulation, I will present a novel problem-space attack for generating end-to-end evasive Android malware, showing that it is feasible to generate evasive malware at scale, while evading state-of-the-art defenses.

[1] Fabio Pierazzi*, Feargus Pendlebury*, Jacopo Cortellazzi, and Lorenzo Cavallaro. "Intriguing Properties of Adversarial ML Attacks in the Problem Space". IEEE Symp. Security & Privacy (Oakland), 2020.

Biography. Lorenzo grew up on pizza, spaghetti, and Phrack, first. Underground and academic research interests followed shortly thereafter. He is a Full Professor of Computer Science in the Department of Informatics at King's College London, where he holds the Chair in Cybersecurity (Systems Security). He leads the Cybersecurity group's Systems Security Research Lab, which works at the intersection of program analysis and machine learning for systems security. He received the USENIX WOOT Best Paper Award 2017, and delivers talks & publishes at & sits on the technical program committee of well-known international conferences, including IEEE S&P, USENIX Security, ACM CCS, RAID, ACSAC, as well as emerging thematic workshops (e.g., Deep Learning for Security @ IEEE S&P, and AISec @ ACM CCS). Lorenzo was General Co-Chair of ACM CCS and he is Program Co-Chair of Deep Learning and Security (co-located with IEEE S&P) 2021 and DIMVA 2021. Lorenzo holds a PhD in Computer Science from the University of Milan (2008), held Post-Doctoral and Visiting Scholar positions at Vrije Universiteit Amsterdam (2010-2011), UC Santa Barbara (2008-2009), and Stony Brook University (2006-2008), and worked in the Information Security Group at Royal Holloway, University of London (Assistant Professor, 2012; Associate Professor, 2016; Full Professor, 2018). He definitely has never stopped wondering and having fun ever since.
