Adversarial support vector machine learning

Zhou, Yan; Kantarcıoğlu, Murat; Thuraisingham, Bhavani; Xi, Bowei

doi:10.1145/2339530.2339697

Cited by 104 publications

(68 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zhou et al [17] present two attack models for which optimal learning strategies are derived. They formulate a convex optimization problem in which the constraint is defined over the sample space based on the proposed attack models.…”

Section: Related Workmentioning

confidence: 99%

Sparse Bayesian Adversarial Learning Using Relevance Vector Machine Ensembles

Zhou

Kantarcıoğlu

Thuraisingham

2012

2012 IEEE 12th International Conference on Data Mining

Self Cite

View full text Add to dashboard Cite

Abstract-Data mining tasks are made more complicated when adversaries attack by modifying malicious data to evade detection. The main challenge lies in finding a robust learning model that is insensitive to unpredictable malicious data distribution. In this paper, we present a sparse relevance vector machine ensemble for adversarial learning. The novelty of our work is the use of individualized kernel parameters to model potential adversarial attacks during model training. We allow the kernel parameters to drift in the direction that minimizes the likelihood of the positive data. This step is interleaved with learning the weights and the weight priors of a relevance vector machine. Our empirical results demonstrate that an ensemble of such relevance vector machine models is more robust to adversarial attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

Sparse Bayesian Adversarial Learning Using Relevance Vector Machine Ensembles

Zhou

Kantarcıoğlu

Thuraisingham

2012

2012 IEEE 12th International Conference on Data Mining

Self Cite

View full text Add to dashboard Cite

show abstract

“…A version of secure SVMs and Relevance Vector Machines (RVMs) has been proposed in [74,73]. Similarly to the problem of learning with invariances, these classifiers aim to minimize the worst-case loss under a given attacker's model.…”

Section: Proactive Defensesmentioning

confidence: 99%

Pattern Recognition Systems under Attack

Roli

Biggio

Fumera

2013

Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications

View full text Add to dashboard Cite

We analyze the problem of designing pattern recognition systems in adversarial settings, under an engineering viewpoint, motivated by their increasing exploitation in security-sensitive applications like spam and malware detection, despite their vulnerability to potential attacks has not yet been deeply understood. We first review previous work and report examples of how a complex system may be evaded either by leveraging on trivial vulnerabilities of its untrained components, e.g., parsing errors in the pre-processing steps, or by exploiting more subtle vulnerabilities of learning algorithms. We then discuss the need of exploiting both reactive and proactive security paradigms complementarily to improve the security by design. Our ultimate goal is to provide some useful guidelines for improving the security of pattern recognition in adversarial settings, and to suggest related open issues to foster research in this area.

show abstract

“…However, in many situations there exists an adversary (such as a spammer) who manipulates the training data distribution (e.g., spam emails) in a way as to attack the classifiers (spam detectors). This is a scenario that challenges the assumption made in most traditional classifiers, and thus has motivated the research advanced of adversarial learning [1][2][3][4][5][6][7].…”

Section: Introductionmentioning

confidence: 99%

“…Recently, Zhou et al [6] introduced a model based on support vector machines that can tackle two kinds of attacks an adversary may carry out. However, the model is only evaluated on synthetically generated data instead of real world evolved data under adversarial influence.…”

Section: Introductionmentioning

confidence: 99%

“…We note that in the column 'Adversarial Modification', only Brückner et al [5] has a different formulation, which modifies all the data point in the union of classification boundary w, where τ i is a scalar associated with each data point. In the column 'Adversarial attack type', Liu et al [4] assume a zero-sum model Zhou et al [6] make the assumption that classification boundary w is not disclosed to the adversary. In the column 'Adversarial budget' and 'attack type', only our sparse model incorporates a pre-defined the budget and sparse feature attack.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On Sparse Feature Attacks in Adversarial Learning

Wang

Liu

Chawla

2014

2014 IEEE International Conference on Data Mining

View full text Add to dashboard Cite

Adversarial learning is the study of machine learning techniques deployed in non-benign environments. Example applications include classifications for detecting spam email, network intrusion detection and credit card scoring. In fact as the gamut of application domains of machine learning grows, the possibility and opportunity for adversarial behavior will only increase.Till now, the standard assumption about modeling adversarial behavior has been to empower an adversary to change all features of the classifiers at will. The adversary pays a cost proportional to the size of "attack". We refer to this form of adversarial behavior as a dense feature attack.However, the aim of an adversary is not just to subvert a classifier but carry out data transformation in a way such that spam continues to appear like spam to the user as much as possible. We demonstrate that an adversary achieves this objective by carrying out a sparse feature attack. We design an algorithm to show how a classifier should be designed to be robust against sparse adversarial attacks. Our main insight is that sparse feature attacks are best defended by designing classifiers which use 1 regularizers.

show abstract

Adversarial support vector machine learning

Cited by 104 publications

References 19 publications

Sparse Bayesian Adversarial Learning Using Relevance Vector Machine Ensembles

Sparse Bayesian Adversarial Learning Using Relevance Vector Machine Ensembles

Pattern Recognition Systems under Attack

On Sparse Feature Attacks in Adversarial Learning

Contact Info

Product

Resources

About