Sana Awan | National University of Sciences & Technology (NUST)
Papers by Sana Awan
Annual Computer Security Applications Conference, 2021
In the evasion attacks against deep neural networks (DNN), the attacker generates adversarial instances that are visually indistinguishable from benign samples and sends them to the target DNN to trigger misclassifications. In this paper, we propose a novel multiview adversarial image detector, namely Argos, based on a novel observation. That is, there exist two "souls" in an adversarial instance, i.e., the visually unchanged content, which corresponds to the true label, and the added invisible perturbation, which corresponds to the misclassified label. Such inconsistencies could be further amplified through an autoregressive generative approach that generates images with seed pixels selected from the original image, a selected label, and pixel distributions learned from the training data. The generated images (i.e., the "views") will deviate significantly from the original one if the label is adversarial, demonstrating inconsistencies that Argos expects to detect. To this end, Argos first amplifies the discrepancies between the visual content of an image and its misclassified label induced by the attack using a set of regeneration mechanisms and then identifies an image as adversarial if the reproduced views deviate to a preset degree. Our experimental results show that Argos significantly outperforms two representative adversarial detectors in both detection accuracy and robustness against six well-known adversarial attacks. Code is available at: https://github.com/sohaib730/Argos-Adversarial_Detection
CCS Concepts: Security and privacy; Computing methodologies → Artificial intelligence; Machine learning
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019
Federated learning (FL) is promising in supporting collaborative learning applications that involve large datasets, massively distributed data owners and unreliable network connectivity. To protect data privacy, existing FL approaches adopt (k,n)-threshold secret sharing schemes, based on the semi-honest assumption for clients, to enable secure multiparty computation in local model update exchange, which deals with random client dropouts at the cost of increasing data size. These approaches adopt the semi-honest assumption for clients and are therefore vulnerable to malicious clients. In this work, we propose a blockchain-based privacy-preserving federated learning (BC-based PPFL) framework, which leverages the immutability and decentralized trust properties of blockchain to provide provenance of model updates. Our proof-of-concept implementation of BC-based PPFL demonstrates it is practical for secure aggregation of local model updates in the federated setting.
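The abstract names the (k,n)-threshold secret-sharing primitive that existing secure-aggregation schemes build on, and the two properties that matter here: tolerance of client dropouts, and reliance on a semi-honest client. The following added example (constructed for this page, not the BC-based PPFL framework's code or any paper's implementation) shows both: each client Shamir-shares its quantized update with the other n clients, each surviving client returns the sum of the shares it holds, and the server interpolates the total from any k of those aggregate shares. The optional `tamper` argument is an assumption added to show why semi-honesty matters: a single malicious client can shift the reconstructed sum and the server has no way to notice. The field prime and the integer quantization of updates are assumptions of the example.

```python
"""Added, constructed illustration of (k, n)-threshold secret sharing (Shamir) for
dropout-tolerant secure aggregation of client updates. Not the BC-based PPFL code."""
import secrets

P = (1 << 61) - 1  # assumption: updates are quantized to integers and encoded in GF(P)


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def make_shares(secret, k, n):
    """Split `secret` into n Shamir shares {x: f(x)}; any k of them reconstruct f(0)."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < P")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def lagrange_at_zero(points):
    """Reconstruct f(0) from points {x: f(x)} by Lagrange interpolation over GF(P)."""
    total = 0
    xs = list(points)
    for xi in xs:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + points[xi] * num * pow(den, P - 2, P)) % P
    return total


def to_signed(v):
    """Map a field element back to a signed integer (negative updates wrap modulo P)."""
    return v - P if v > P // 2 else v


def secure_sum(client_updates, k, survivors, tamper=None):
    """Aggregate client updates so the server learns only their sum.

    Phase 1: client i shares update_i with all n clients (n shares instead of one
             value: the data-size cost the abstract mentions).
    Phase 2: each surviving client j returns the sum of the shares it holds, which by
             linearity of Shamir sharing is itself a share of the total.
    Phase 3: the server interpolates the total from any k aggregate shares, so up to
             n - k clients may drop out after phase 1.
    `tamper` (assumed, for illustration) maps a client id to an offset that a
    malicious client adds to its aggregate share; the server cannot detect it.
    """
    n = len(client_updates)
    inbox = {j: [] for j in range(1, n + 1)}
    for update in client_updates:
        for j, share in make_shares(update, k, n).items():
            inbox[j].append(share)
    aggregate_shares = {j: sum(inbox[j]) % P for j in survivors if j in inbox}
    for j, delta in (tamper or {}).items():
        if j in aggregate_shares:
            aggregate_shares[j] = (aggregate_shares[j] + delta) % P
    if len(aggregate_shares) < k:
        raise RuntimeError(f"only {len(aggregate_shares)} aggregate shares, need {k}")
    return lagrange_at_zero(aggregate_shares)


if __name__ == "__main__":
    # constructed sample: 5 clients, threshold 3, clients 2 and 4 drop after phase 1
    print(to_signed(secure_sum([5, -7, 9, 11, 13], 3, {1, 3, 5})))  # 31
```

The honest run recovers the sum even with two of five clients gone, and fewer than k aggregate shares give the server nothing to interpolate. The tampered run returns a wrong total with no error, which is exactly the gap between the semi-honest model and malicious clients that the abstract identifies; provenance of the updates, not the sharing scheme, is what would expose the cheater.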
Title of Thesis: SECURITY THROUGH OBSCURITY: LAYOUT OBFUSCATION OF DIGITAL INTEGRATED CIRCUITS USING DON'T CARE CONDITIONS
Sana Mehmood Awan, Master of Science, 2015. Directed by: Professor Gang Qu, Department of Electrical and Computer Engineering and Institute for Systems Research, University of Maryland
Contemporary integrated circuits are designed and manufactured in a globalized environment leading to concerns of piracy, overproduction and counterfeiting. One class of techniques to combat these threats is circuit obfuscation which seeks to modify the gate-level (or structural) description of a circuit without affecting its functionality in order to increase the complexity and cost of reverse engineering. Most of the existing circuit obfuscation methods are based on the insertion of additional logic (called "key gates") or ca...
Computer Security – ESORICS 2021, 2021
2016 International Conference on Control, Automation and Information Sciences (ICCAIS), 2016
Obfuscation has emerged as a promising approach to ensure supply chain security by countering the reverse engineering (RE) based attacks on integrated circuits that violate intellectual property rights of the circuit designer. However, current obfuscation methods either rely on secure memory to store the key or incur large design overhead with camouflaged gates. We propose a set of don't care based obfuscation primitives and show how they can be used to make the design IP secure with little area and delay overhead. While existing logic obfuscation techniques rely on hiding layout information from circuit attackers, our approach is different in that we introduce confusion in the sub-circuit functionality in order to increase the RE complexity while meeting the overall circuit specification. We also study how to maximize the complexity of the RE attacks and incorporate the conclusion of such a study into the proposed don't care based obfuscation method. Simulation results for ISCAS-85 benchmarks confirm that we can achieve circuit obfuscation with very high RE complexity and small design overhead, more specifically, an average 7.73% delay overhead and 5.51% area overhead.
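The abstract's key idea is that a sub-circuit's function can be changed without changing the overall circuit, because some of the sub-circuit's input patterns are don't cares: no primary-input assignment ever produces them. The added example below (constructed for this page; the circuit is made up and is not one of the paper's obfuscation primitives) makes that concrete on a three-input block. It finds the unreachable patterns by simulating the driving logic, enumerates every sub-circuit truth table that still meets the specification, and checks that an attacker who can only exercise the primary inputs cannot tell two such variants apart. With d don't-care rows there are 2^d functionally equivalent sub-circuits, which is the freedom the abstract's primitives exploit.

```python
"""Added, constructed illustration of the don't-care principle: unreachable internal
signal patterns leave a sub-circuit's truth table partly unconstrained, so several
different sub-circuits satisfy one overall specification. Not the paper's primitives."""
from itertools import product


def primary_inputs(n):
    """All assignments of n primary inputs."""
    return list(product((0, 1), repeat=n))


def driver(a, b, c):
    """Logic feeding the sub-circuit (assumed for the example): x = a AND b,
    y = a OR b, and c passed through. x = 1 with y = 0 can never occur, so the
    patterns (1, 0, *) are satisfiability don't cares of the sub-circuit."""
    return (a & b, a | b, c)


def spec(a, b, c):
    """Overall circuit specification the obfuscated design must still meet:
    (a XOR b) AND c."""
    return (a ^ b) & c


def dont_cares(n_pi, driver, n_sub):
    """Sub-circuit input patterns that no primary-input assignment can reach."""
    reachable = {driver(*pi) for pi in primary_inputs(n_pi)}
    return set(product((0, 1), repeat=n_sub)) - reachable


def sub_circuit_variants(n_pi, driver, n_sub, spec):
    """Every sub-circuit truth table g with g(driver(pi)) == spec(pi) for all pi.

    Reachable rows are pinned by the spec; each don't-care row is free, so with d
    don't cares there are 2**d functionally equivalent, structurally different
    sub-circuits. Raises if the spec is not determined by the sub-circuit inputs."""
    pinned = {}
    for pi in primary_inputs(n_pi):
        pat, want = driver(*pi), spec(*pi)
        if pinned.setdefault(pat, want) != want:
            raise ValueError("spec is not a function of the sub-circuit inputs")
    free = sorted(dont_cares(n_pi, driver, n_sub))
    variants = []
    for bits in product((0, 1), repeat=len(free)):
        table = dict(pinned)
        table.update(zip(free, bits))
        variants.append(table)
    return variants


def meets_spec(table, n_pi, driver, spec):
    """Check one sub-circuit truth table against the overall specification."""
    return all(table[driver(*pi)] == spec(*pi) for pi in primary_inputs(n_pi))


def distinguishable_from_primary_inputs(t1, t2, n_pi, driver):
    """Can an attacker who only drives primary inputs separate two variants?"""
    return any(t1[driver(*pi)] != t2[driver(*pi)] for pi in primary_inputs(n_pi))


if __name__ == "__main__":
    variants = sub_circuit_variants(3, driver, 3, spec)
    print(sorted(dont_cares(3, driver, 3)))   # [(1, 0, 0), (1, 0, 1)]
    print(len(variants))                      # 4 equivalent sub-circuits
    for t in variants:
        print({k: t[k] for k in sorted(t)})
```

The point for a reverse engineer is the last function: every variant agrees on all reachable rows, so functional probing of the finished chip cannot reveal which truth table the sub-circuit actually implements, while the recovered sub-circuit netlist, read in isolation, describes a function that differs from the one a naive decomposition of the spec would predict. The example enumerates all variants; a real design flow would pick the one that best serves area, delay or RE complexity, which is the selection the abstract says the paper studies.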
Proceedings of the 7th Symposium on Hot Topics in the Science of Security, 2020