Secure Kernel Machines against Evasion Attacks

Authors: Paolo Russu, Ambra Demontis, Battista Biggio, Giorgio Fumera, Fabio Roli

DOI: 10.1145/2996758.2996771

Keywords:

Abstract: Machine learning is widely used in security-sensitive settings like spam and malware detection, although it has been shown that malicious data can be carefully modified at test time to evade detection. To overcome this limitation, adversary-aware algorithms have been developed, exploiting robust optimization and game-theoretical models to incorporate knowledge of potential adversarial manipulations into the algorithm. Despite these techniques being effective in some tasks, their adoption in practice is hindered by different factors, including the difficulty of meeting specific theoretical requirements, the complexity of implementation, and scalability issues, in terms of the computation and space required during training. In this work, we aim to develop secure kernel machines against evasion attacks that are not computationally more demanding than their non-secure counterparts. In particular, leveraging recent work on robustness and regularization, we show that the security of a linear classifier can be drastically improved by selecting a proper regularizer, depending on the kind of attack, as well as by unbalancing the cost of classification errors. We then discuss nonlinear kernel machines, for which the choice of the kernel function is crucial. We also show that unbalancing the cost of classification errors and varying the kernel parameters can further improve security, yielding decision functions that better enclose the legitimate data. Our results on PDF malware detection corroborate our analysis.
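The abstract's point that the right regularizer depends on the kind of attack can be made concrete for a linear classifier: the smallest manipulation an attacker must spend to cross the boundary is the sample's score divided by the norm of the weight vector that is dual to the attacker's budget norm, so the regularizer that bounds that dual norm is the one that raises the evasion cost. The following is an added example in Python, not code from the paper; the weight vectors, bias and sample are constructed, and the two classifiers are chosen to score the sample identically so that only the spread of the weights differs.

```python
import math

# Constructed toy data (not from the paper): four features, one malicious sample,
# and two linear classifiers that give it the same score and have the same L1
# weight norm, differing only in how the weight mass is spread across features.
X_MALICIOUS = [1.0, 1.0, 1.0, 1.0]
BIAS = -1.0
W_SPARSE = [2.0, 0.0, 0.0, 0.0]     # weight concentrated on a single feature
W_UNIFORM = [0.5, 0.5, 0.5, 0.5]    # weight spread evenly, as a bound on max|w_i| favours


def score(w, b, x):
    """Linear decision function f(x) = w.x + b; f(x) > 0 means 'malicious'."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def dual_norm(w, p):
    """Norm of w dual to the attacker's L_p budget norm (1/p + 1/q = 1)."""
    if p == 1:                      # sparse attack (few features changed a lot): max|w_i|
        return max(abs(wi) for wi in w)
    if p == 2:                      # dense attack: L2 norm of w
        return math.sqrt(sum(wi * wi for wi in w))
    if p == math.inf:               # every feature nudged a little: L1 norm of w
        return sum(abs(wi) for wi in w)
    raise ValueError("p must be 1, 2 or math.inf")


def min_evasion_cost(w, b, x, p):
    """Smallest ||delta||_p that moves a malicious x across the boundary.

    For a linear classifier this equals f(x) / ||w||_q by Holder's inequality, so
    the attacker's cost is controlled entirely by the dual norm of the weights.
    """
    s = score(w, b, x)
    return 0.0 if s <= 0 else s / dual_norm(w, p)


def cost_table(x, b, classifiers, norms=(1, 2, math.inf)):
    """Evasion cost per classifier and per attack norm; higher means more secure."""
    return {name: {p: min_evasion_cost(w, b, x, p) for p in norms}
            for name, w in classifiers.items()}


if __name__ == "__main__":
    table = cost_table(X_MALICIOUS, BIAS, {"sparse": W_SPARSE, "uniform": W_UNIFORM})
    for name, row in table.items():
        print(name, {str(p): c for p, c in row.items()})
```

Against a sparse (L1-bounded) attack the evenly weighted classifier needs four times the manipulation of the concentrated one, while against an L-infinity-bounded attack the two are equally exposed, which is why the regularizer has to be matched to the expected attack.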
