Multi-Instance Adversarial Attack on GNN-Based Malicious Domain Detection
Mahmoud Nazzal, Issa Khalil, Abdallah Khreishah, NhatHai Phan, Yao Ma
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 5
This talk, presented by Mahmoud Nazzal, delves into a critical vulnerability within **Graph Neural Networks (GNNs)** when applied to security-critical tasks, specifically **Malicious Domain Detection (MDD)**. The research introduces a novel **multi-instance adversarial attack** named MAA, designed to evade the detection of multiple malicious domains simultaneously. This work, a collaboration between the New Jersey Institute of Technology and QC at Hammed bin Khalifa University, highlights how even state-of-the-art GNN-based MDD systems are susceptible to practical, stealthy, and black-box adversarial manipulations.
AI review
This research unveils MAA, a novel multi-instance adversarial attack capable of collectively evading state-of-the-art GNN-based malicious domain detection systems. Leveraging practical DNS manipulations in a black-box setting, it exposes a critical vulnerability, demanding immediate attention from defenders.