Query strategies for evading convex-inducing classifiers
作者: Benjamin I. P. Rubinstein , Satish Rao , Blaine Nelson , Anthony D. Joseph , J. D. Tygar
关键词:
摘要: Classifiers are often used to detect miscreant activities. We study how an adversary can systematically query a classifier elicit information that allows the attacker evade detection while incurring near-minimal cost of modifying their intended malfeasance. generalize theory Lowd and Meek (2005) family convex-inducing classifiers partition feature space into two sets, one which is convex. present algorithms for this construct undetected instances approximately minimal using only polynomially-many queries in dimension level approximation. Our results demonstrate nearoptimal evasion be accomplished without reverse engineering classifier's decision boundary. also consider general lp costs show near-optimal on generally efficient both positive negative convexity all levels approximation if p = 1.
acm.org
berkeley.edu参考文章(37)
Kymie M. C. Tan, Kevin S. Killourhy, Roy A. Maxion, Undermining an anomaly-based intrusion detection system using common exploits recent advances in intrusion detection. pp. 54- 73 ,(2002) , 10.1007/3-540-36084-0_4
J. Flum, M. Grohe, Parameterized Complexity Theory (Texts in Theoretical Computer Science. An EATCS Series) ,(2006)
Christopher M. Bishop, Pattern Recognition and Machine Learning (Information Science and Statistics) Springer-Verlag New York, Inc.. ,(2006)
David Cohn, Greg Schohn, Less is More: Active Learning with Support Vector Machines international conference on machine learning. pp. 839- 846 ,(2000)
Martin Anthony, Peter L Bartlett, Peter L Bartlett, Neural Network Learning: Theoretical Foundations ,(1999)
Keith M. Ball, An Elementary Introduction to Modern Convex Geometry Flavors of Geometry, 1997, ISBN 0-521-62048-1, págs. 1-58. pp. 1- 58 ,(1997)
Ke Wang, Janak J. Parekh, Salvatore J. Stolfo, Anagram: A Content Anomaly Detector Resistant to Mimicry Attack Lecture Notes in Computer Science. pp. 226- 248 ,(2006) , 10.1007/11856214_12
Christopher M. Bishop, Pattern Recognition and Machine Learning ,(2006)
Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, J. D. Tygar, Classifier evasion: models and open problems privacy and security issues in data mining and machine learning. pp. 92- 98 ,(2010) , 10.1007/978-3-642-19896-0_8
Luis Rademacher, Navin Goyal, Learning convex bodies is hard arXiv: Learning. ,(2009)