Emanuel Valente
Emanuel Valente is the principal cybersecurity engineer at iFood, the largest food tech company in Latin America, where he technically leads the security engineering team dedicated to designing and implementing advanced cybersecurity solutions. With over ten years of experience, Emanuel specializes in various security disciplines, including cloud and edge security, runtime security, and AI security. He brings a solid foundation in mathematics, statistics, and computer science to his work. Emanuel is pursuing a Master's in Cyber Security at the University of São Paulo. He has studied under the Fulbright Scholarship at the University of Arizona and the University of Florida, focusing on malware analysis. Additionally, Emanuel actively contributes to the OWASP Top 10 for LLM Apps. Committed to advancing cybersecurity technology, he shares his expertise through speaking engagements and research collaborations.
Organization: iFood - Cybersecurity Team
Email: emanuel.valente@ifood.com.br
Twitter Handle: @emanu_valente
Blog: https://blog.ifoodsecurity.com/
Linkedin: https://www.linkedin.com/in/emanuelvalente/
Session
This presentation is part of a graduate research project that delves into the vulnerabilities of Machine Learning (ML) models specifically designed to detect DNS Over HTTPS (DoH) tunnels. Previous research has primarily focused on developing models that prioritize accuracy and explainability. However, these studies have often overlooked the potential of adversarial attacks, leaving the models vulnerable to common adversarial attacks like black-box attacks. This presentation will demonstrate that all cutting-edge DoH tunnel detection models are vulnerable to black-box attacks. Our approach leverages real-world input data generated by DoH tunnel tools, which are constrained in the attack algorithm.
Moreover, we will show specific vulnerable features that model developers should avoid. When this feature type is considered, we successfully evaded all DoH tunnel detection models without using advanced techniques.
Notably, the audience can use the same methods to evade most Machine Learning-Based Network Intrusion Detection Systems, underlining our findings' immediate and practical implications.