You're reading from Hands-On Artificial Intelligence for Cybersecurity

Product type: Book
Published in: Aug 2019
Reading level: Beginner
Publisher: Packt
ISBN-13: 9781789804027
Edition: 1st Edition
Author: Alessandro Parisi

Alessandro Parisi has been an IT professional for over 20 years, acquiring significant experience as a Security Data Scientist and as an Artificial Intelligence, Cybersecurity and Blockchain specialist. He has experience operating within organizational and decision-making contexts characterized by high complexity. Over the years, he has helped companies adopt Artificial Intelligence and Blockchain DLT technologies as strategic tools for protecting sensitive corporate assets. He holds a master's degree in Economics and Statistics.

GANs - Attacks and Defenses

Generative adversarial networks (GANs) are the most advanced example of the neural networks that deep learning makes available to us in the context of cybersecurity. GANs can be used for legitimate purposes, such as authentication procedures, but they can also be exploited to defeat those same procedures.

In this chapter, we will look at the following topics:

  • The fundamental concepts of GANs and their use in attack and defense scenarios
  • The main libraries and tools for developing adversarial examples
  • Attacks against deep neural networks (DNNs) via model substitution
  • Attacks against intrusion detection systems (IDS) via GANs
  • Attacks against facial recognition procedures using adversarial examples

We will now begin the chapter by introducing the basic concepts of GANs.

GANs in a nutshell

GANs were introduced in a well-known 2014 paper (https://arxiv.org/abs/1406.2661) by a team of researchers including Ian Goodfellow and Yoshua Bengio, which described the potential and characteristics of this special category of adversarial processes.

The basic idea behind GANs is simple: two neural networks are put in competition with one another until a balanced condition is reached. At the same time, the possibilities opened up by this intuition are almost unlimited, since GANs are able to learn how to imitate and artificially reproduce any data distribution, whether it represents faces, voices, text, or even works of art.
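To make the two-player game concrete, here is a toy GAN in plain NumPy. It is an added illustration, not code from the book: the "real" data is a constructed one-dimensional normal distribution N(3, 1), the generator G(z) = a*z + b is deliberately linear so that its two parameters stay readable, and the discriminator is a small tanh MLP trained with hand-written backpropagation. All names in it (train_gan, generated_stats, REAL_MEAN, Discriminator) are this example's own.

```python
import numpy as np

# Constructed "real data" distribution the generator has to imitate.
REAL_MEAN, REAL_STD = 3.0, 1.0


def sigmoid(x):
    return 1.0 / (1.0 + np.exp(-x))


class Discriminator:
    """1 -> hidden (tanh) -> 1 (sigmoid) network: outputs P(input is real)."""

    def __init__(self, rng, hidden=16):
        self.W1 = rng.normal(0, 0.5, (hidden, 1))
        self.b1 = np.zeros(hidden)
        self.W2 = rng.normal(0, 0.5, hidden)
        self.b2 = 0.0

    def forward(self, x):
        h = np.tanh(np.outer(x, self.W1[:, 0]) + self.b1)  # (n, hidden)
        p = sigmoid(h @ self.W2 + self.b2)                  # (n,)
        return h, p

    def backward(self, x, h, dlogit):
        """Given dL/dlogit per sample, return parameter gradients and dL/dx."""
        gW2 = h.T @ dlogit
        gb2 = dlogit.sum()
        dh = np.outer(dlogit, self.W2) * (1 - h ** 2)       # through tanh
        gW1 = (dh * x[:, None]).sum(axis=0)[:, None]
        gb1 = dh.sum(axis=0)
        dx = dh @ self.W1[:, 0]                             # gradient w.r.t. the input itself
        return (gW1, gb1, gW2, gb2), dx

    def step(self, grads, lr):
        gW1, gb1, gW2, gb2 = grads
        self.W1 -= lr * gW1
        self.b1 -= lr * gb1
        self.W2 -= lr * gW2
        self.b2 -= lr * gb2


def train_gan(steps=3000, batch=128, lr=0.05, seed=0):
    """Alternate one discriminator step and one generator step per iteration."""
    rng = np.random.default_rng(seed)
    D = Discriminator(rng)
    a, b = 1.0, 0.0  # generator starts as G(z) = z, i.e. samples from N(0, 1)
    for _ in range(steps):
        x_real = rng.normal(REAL_MEAN, REAL_STD, batch)
        z = rng.normal(0, 1, batch)
        x_fake = a * z + b
        # Discriminator: binary cross-entropy, real -> 1, fake -> 0.
        h_r, p_r = D.forward(x_real)
        h_f, p_f = D.forward(x_fake)
        g_r, _ = D.backward(x_real, h_r, (p_r - 1) / batch)
        g_f, _ = D.backward(x_fake, h_f, p_f / batch)
        D.step(tuple(gr + gf for gr, gf in zip(g_r, g_f)), lr)
        # Generator: non-saturating loss -log D(G(z)); only dL/dx is needed,
        # which is then chained into the generator's two parameters.
        h_f, p_f = D.forward(x_fake)
        _, dx = D.backward(x_fake, h_f, (p_f - 1) / batch)
        a -= lr * np.sum(dx * z)
        b -= lr * np.sum(dx)
    return float(a), float(b), D


def generated_stats(a, b, n=10000, seed=1):
    """Mean and standard deviation of fresh generator samples."""
    z = np.random.default_rng(seed).normal(0, 1, n)
    x = a * z + b
    return float(x.mean()), float(x.std())


if __name__ == "__main__":
    a, b, _ = train_gan()
    print("generator a=%.2f b=%.2f, sample mean/std = %.2f / %.2f"
          % ((a, b) + generated_stats(a, b)))
```

Running train_gan() and then generated_stats(a, b) shows the generated mean drifting from 0 toward 3 as the discriminator's feedback pushes b, which is the "balanced condition" the text refers to: once the two distributions coincide, D can do no better than a coin flip and the generator gradient vanishes. The same loop, with image-shaped inputs and convolutional networks, is what produces the synthetic faces discussed later in the chapter.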

In this chapter, we will extend the use of GANs in the field of cybersecurity, learning how it is possible to use them to both carry out attacks (such as attacks against...

GAN Python tools and libraries

The number of tools and libraries for developing adversarial examples (both to carry out attacks and to defend against them) is constantly growing. We will look at some of the most common ones. In this section we cover general-purpose libraries and tools; in the following sections we deal with libraries and tools specific to the individual attack and defense strategies and scenarios.

To fully understand the usefulness of these tools and libraries, we need to analyze the vulnerabilities of neural-network-based cybersecurity solutions, the ways in which attacks can be implemented, and the difficulties of preparing an appropriate defense.

Neural network vulnerabilities

...

Network attack via model substitution

An interesting demonstration of the potential of adversarial attacks conducted in black-box mode is described in the paper Practical Black-Box Attacks against Machine Learning (arXiv: 1602.02697v4), which shows that an attack can be carried out against remotely hosted DNNs without the attacker knowing how the target NN is configured.

In these cases, the only information available to the attacker is the output returned by the neural network for the inputs the attacker provides. In practice, the attacker observes the classification labels the DNN returns for the attacking inputs, and it is here that the attack strategy becomes interesting: a local substitute model is trained in place of the remotely hosted NN, using inputs synthetically...
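The defender's side of this scenario is the query interface itself: a substitute can only be trained if the remote model answers a large stream of synthetic inputs, and such a stream looks different from organic traffic. The following added example (mine, not the book's or the cited paper's code) wraps a label-only oracle in a monitor that records every client's queries and flags clients whose inputs are mostly tiny L-infinity perturbations of something they already submitted. The oracle is a constructed linear classifier, the "probing" client is simulated with random signed steps rather than any real augmentation procedure, and the thresholds (dup_radius, dup_share, min_queries) are assumptions to be tuned per deployment.

```python
import numpy as np


class LabelOnlyOracle:
    """Stand-in for the remotely hosted DNN: it exposes labels, not confidences,
    which is already the least information a classification endpoint can return."""

    def __init__(self, w, b):
        self.w, self.b = np.asarray(w, dtype=float), float(b)

    def label(self, x):
        return int(np.dot(self.w, x) + self.b > 0)


class QueryMonitor:
    """Per-client query log with a near-duplicate ratio as the alert signal."""

    def __init__(self, oracle, dup_radius=0.05, dup_share=0.5, min_queries=50):
        self.oracle = oracle
        self.dup_radius = dup_radius    # L-inf distance under which two inputs count as near-duplicates
        self.dup_share = dup_share      # share of near-duplicate queries that raises an alert
        self.min_queries = min_queries  # do not judge a client on too little history
        self.history = {}               # client id -> list of (input, was_near_duplicate)

    def query(self, client, x):
        x = np.asarray(x, dtype=float)
        past = self.history.setdefault(client, [])
        # O(n) scan per query keeps the demo simple; a real deployment would
        # bucket inputs (e.g. by hashing a coarse quantisation) instead.
        near_dup = any(np.max(np.abs(x - px)) <= self.dup_radius for px, _ in past)
        past.append((x, near_dup))
        return self.oracle.label(x)

    def stats(self, client):
        past = self.history.get(client, [])
        n = len(past)
        dups = sum(1 for _, d in past if d)
        return n, (dups / n if n else 0.0)

    def suspicious(self, client):
        n, share = self.stats(client)
        return n >= self.min_queries and share >= self.dup_share


def simulate(seed=0, dim=16, n_queries=200):
    """Constructed traffic: one client sends independent inputs drawn uniformly
    from [0, 1]^dim, another walks away from a single input in small signed steps."""
    rng = np.random.default_rng(seed)
    oracle = LabelOnlyOracle(w=rng.normal(size=dim), b=0.0)
    mon = QueryMonitor(oracle)
    for _ in range(n_queries):
        mon.query("organic", rng.uniform(0, 1, dim))
    x = rng.uniform(0, 1, dim)
    step = 0.02
    for _ in range(n_queries):
        mon.query("probing", x)
        x = np.clip(x + step * rng.choice([-1.0, 1.0], size=dim), 0, 1)
    return mon


if __name__ == "__main__":
    mon = simulate()
    for client in ("organic", "probing"):
        n, share = mon.stats(client)
        print("%-8s queries=%d near-duplicate share=%.2f suspicious=%s"
              % (client, n, share, mon.suspicious(client)))
```

Two random points in 16 dimensions are essentially never within 0.05 of each other in every coordinate, so the organic client's near-duplicate share stays at zero, while the walking client's share approaches one. Rate limiting and returning labels rather than scores reduce what each query leaks; a distance-based monitor like this one is the complementary control that notices when someone is nonetheless spending many queries mapping the decision boundary.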

IDS evasion via GAN

We dealt extensively with IDS in Chapter 5, Network Anomaly Detection with AI, where we learned about the delicate role these devices play in the current context, characterized by an explosion of malware threats spread through network attacks.

It is therefore necessary to introduce tools capable of promptly detecting possible malware threats, preventing them from spreading across the entire corporate network and thereby compromising both the software and the integrity of the data (think, for example, of the growing spread of ransomware attacks).

In order to carry out detection promptly and effectively, that is, to reduce the number of false positives, it is therefore necessary to equip IDS systems with automated procedures capable of adequately classifying the analyzed traffic. It is no coincidence, therefore...

Facial recognition attacks with GAN

As a last example of the use of GANs, we will look at what is perhaps the most emblematic and well-known case: generating adversarial examples that represent human faces.

Beyond the surprising effect that the results, often very realistic, have on those who examine them, this technique, when used as an attack tool, constitutes a serious threat to all cybersecurity procedures based on the verification of biometric evidence (often used, for example, to access online banking services, more recently to log in to social networks, and even to unlock your own smartphone).

Moreover, it can be used to deceive even the AI-powered facial-recognition tools used by the police to identify suspects, consequently reducing their overall reliability.

As demonstrated in the paper Explaining and Harnessing...
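The paper cited above (Goodfellow et al., Explaining and Harnessing Adversarial Examples) introduced the fast gradient sign method (FGSM) and, as its countermeasure, adversarial training. The following added example is mine and not the book's code: it applies both to a logistic-regression stand-in for the final layer of a face-recognition model, on a constructed dataset with one strong feature and several weakly class-correlated ones, which is exactly the setting in which many small sign-aligned nudges add up to a flipped decision. Because the scorer is linear, the worst case under an L-infinity budget can be computed exactly, so the example also includes a certification check a defender can run on a deployed model. Names (fgsm, certified_robust_accuracy, train, make_data, compare) and the budget eps=0.5 are this example's own assumptions; the same hardening step applies to the IDS classifiers of the previous section.

```python
import numpy as np


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def score(w, b, X):
    return X @ w + b


def input_gradient(w, b, X, y):
    """d(logistic loss)/dx for each row: (p - y) * w."""
    p = sigmoid(score(w, b, X))
    return (p - y)[:, None] * w[None, :]


def fgsm(w, b, X, y, eps):
    """Fast gradient sign perturbation with an L-inf budget of eps per feature."""
    return X + eps * np.sign(input_gradient(w, b, X, y))


def accuracy(w, b, X, y):
    return float(np.mean((score(w, b, X) > 0).astype(int) == y))


def certified_robust_accuracy(w, b, X, y, eps):
    """Exact worst case for a linear scorer: a perturbation with |delta_i| <= eps
    can move the score by at most eps * ||w||_1, so a point is provably robust
    iff its signed margin exceeds that amount. No attack needs to be run."""
    s = score(w, b, X)
    margin = np.where(y == 1, s, -s)
    return float(np.mean(margin > eps * np.abs(w).sum()))


def train(X, y, eps=None, steps=400, lr=0.1, l2=1e-3):
    """Gradient-descent logistic regression. With eps set, every step also fits
    the FGSM examples generated against the current weights (adversarial training)."""
    w = np.zeros(X.shape[1])
    b = 0.0
    for _ in range(steps):
        Xb, yb = X, y
        if eps is not None:
            Xb = np.vstack([X, fgsm(w, b, X, y, eps)])
            yb = np.concatenate([y, y])
        p = sigmoid(score(w, b, Xb))
        w -= lr * (Xb.T @ (p - yb) / len(yb) + l2 * w)
        b -= lr * float(np.mean(p - yb))
    return w, b


def make_data(n=400, weak=8, seed=0):
    """Constructed stand-in for an embedding: feature 0 separates the classes
    clearly, the remaining features are only weakly correlated with the label."""
    rng = np.random.default_rng(seed)
    y = rng.integers(0, 2, n)
    s = 2 * y - 1
    strong = s * 1.0 + rng.normal(0, 0.5, n)
    weak_feats = 0.3 * s[:, None] + rng.normal(0, 1.0, (n, weak))
    return np.column_stack([strong, weak_feats]), y


def compare(eps=0.5):
    """Clean, attacked and certified accuracy for a standard and an adversarially trained model."""
    X, y = make_data()
    w_std, b_std = train(X, y)
    w_adv, b_adv = train(X, y, eps=eps)
    return {
        "clean_std": accuracy(w_std, b_std, X, y),
        "fgsm_std": accuracy(w_std, b_std, fgsm(w_std, b_std, X, y, eps), y),
        "cert_std": certified_robust_accuracy(w_std, b_std, X, y, eps),
        "clean_adv": accuracy(w_adv, b_adv, X, y),
        "fgsm_adv": accuracy(w_adv, b_adv, fgsm(w_adv, b_adv, X, y, eps), y),
        "cert_adv": certified_robust_accuracy(w_adv, b_adv, X, y, eps),
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print("%-10s %.3f" % (k, v))
```

For a linear scorer FGSM is the exact worst case, so the attacked accuracy coincides with the certified one; the adversarially trained model pushes the weakly informative weights toward zero, shrinking ||w||_1 and therefore the damage any eps-bounded perturbation can do. The caveat for real DNNs is that the eps * ||w||_1 bound no longer holds, so certification needs dedicated techniques (interval bound propagation, randomized smoothing) and adversarial training must be run with the attack the defender actually expects.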

Summary

In this chapter, we looked at the attack and defense techniques that exploit the adversarial examples created with GANs.

We looked at the concrete threats that can arise from the use of GANs against the DNNs that are increasingly at the heart of cybersecurity procedures, such as malware-detection tools and biometric authentication. In addition to the risks associated with the widespread use of NNs to manage sensitive data, such as health data, these threats lead to new forms of GAN-based attack that can compromise even the health and physical safety of citizens.

In the next chapter, we will learn how to evaluate algorithms with the help of several examples.
