Adversarial classification

@article{Dalvi2004AdversarialC,
  title={Adversarial classification},
  author={Nilesh N. Dalvi and Pedro M. Domingos and Mausam and Sumit K. Sanghai and Deepak Verma},
  journal={Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining},
  year={2004}
}
Essentially all data mining algorithms assume that the data-generating process is independent of the data miner's activities. [...] Key Method: We view classification as a game between the classifier and the adversary, and produce a classifier that is optimal given the adversary's optimal strategy. Experiments in a spam detection domain show that this approach can greatly outperform a classifier learned in the standard way, and (within the parameters of the problem) automatically adapt the classifier to the…
Classifier evaluation and attribute selection against active adversaries
TLDR
A game theoretic framework where equilibrium behavior of adversarial classification applications can be analyzed, and solutions for finding an equilibrium point are provided.
A game theoretic framework for adversarial learning
TLDR
A game theoretic framework where the equilibrium behavior of adversarial learning applications can be analyzed, and a solution for finding the equilibrium point is provided.
Foundations of Adversarial Machine Learning
As classifiers are deployed to detect malicious behavior ranging from spam to terrorism, adversaries modify their behaviors to avoid detection (e.g., [4, 3, 6]). This makes the very behavior the…
Sparse Feature Attacks in Adversarial Learning
TLDR
An algorithm is designed to show how a classifier should be designed to be robust against sparse adversarial attacks, and the main insight is that sparse feature attacks are best defended by designing classifiers which use inline-formula regularizers.
Adversarial support vector machine learning
TLDR
It is demonstrated that it is possible to develop a much more resilient SVM learning model while making loose assumptions on the data corruption models and that optimal solutions may be overly pessimistic when the actual attacks are much weaker than expected.
Adversarial learning
TLDR
This paper introduces the adversarial classifier reverse engineering (ACRE) learning problem, the task of learning sufficient information about a classifier to construct adversarial attacks, and presents efficient algorithms for reverse engineering linear classifiers with either continuous or Boolean features.
Multiple Classifier Systems under Attack
TLDR
This paper empirically investigates whether the well-known bagging and random subspace methods make it possible to improve the robustness of linear base classifiers by producing more uniform weight values, and uses a method for performance evaluation of a classifier under attack that is currently under development.
Bagging Classifiers for Fighting Poisoning Attacks in Adversarial Classification Tasks
TLDR
This work argues that poisoning attacks can be viewed as a particular category of outliers, and, thus, bagging ensembles may be effectively exploited against them, and investigates the effectiveness of bagging on a real, widely used spam filter, and on a web-based intrusion detection system.
Multiple Classifier Systems for Adversarial Classification Tasks
TLDR
A measure of the hardness of evasion of a classifier architecture is proposed, an analytical evaluation and comparison of an individual classifier and a classifier ensemble architecture are given, and an experimental evaluation on a spam filtering task is reported.
Online phishing classification using adversarial data mining and signaling games
TLDR
Experiments show that the proposed classifier is highly competitive compared with previously proposed online classification algorithms in this adversarial environment, and promising results were obtained using traditional machine learning techniques over extracted features.

References

SHOWING 1-10 OF 35 REFERENCES
Adversarial learning
TLDR
This paper introduces the adversarial classifier reverse engineering (ACRE) learning problem, the task of learning sufficient information about a classifier to construct adversarial attacks, and presents efficient algorithms for reverse engineering linear classifiers with either continuous or Boolean features.
Adaptive Fraud Detection
TLDR
This paper uses a rule-learning program to uncover indicators of fraudulent behavior from a large database of customer transactions, which are used to create a set of monitors, which profile legitimate customer behavior and indicate anomalies.
Learning nonstationary models of normal network traffic for detecting novel attacks
TLDR
This paper proposes a learning algorithm that constructs models of normal behavior from attack-free network traffic that can be combined to increase coverage of traditional intrusion detection systems.
MetaCost: a general method for making classifiers cost-sensitive
TLDR
A principled method for making an arbitrary classifier cost-sensitive by wrapping a cost-minimizing procedure around it is proposed, called MetaCost, which treats the underlying classifier as a black box, requiring no knowledge of its functioning or change to it.
Mining time-changing data streams
TLDR
An efficient algorithm for mining decision trees from continuously-changing data streams, based on the ultra-fast VFDT decision tree learner, is proposed, called CVFDT, which stays current while making the most of old data by growing an alternative subtree whenever an old one becomes questionable, and replacing the old with the new when the new becomes more accurate.
Information awareness: a prospective technical assessment
TLDR
It is shown how both the accuracy and privacy impact of a hypothetical system could be substantially improved, and the necessary and sufficient conditions for this improvement to be achieved.
A Memory-Based Approach to Anti-Spam Filtering for Mailing Lists
TLDR
An extensive empirical evaluation of memory-based learning in the context of anti-spam filtering, a novel cost-sensitive application of text categorization that attempts to identify automatically unsolicited commercial messages that flood mailboxes, concludes that memory-based anti-spam filtering for mailing lists is practically feasible, especially when combined with additional safety nets.
"In vivo" spam filtering: a challenge problem for KDD
TLDR
This paper argues that researchers should pursue in vivo spam filtering as an accessible domain for investigating them and demonstrates some of the characteristics that make it a rich and challenging domain for data mining.
Robust Classification for Imprecise Environments
TLDR
It is shown that it is possible to build a hybrid classifier that will perform at least as well as the best available classifier for any target conditions, and in some cases, the performance of the hybrid actually can surpass that of the best known classifier.
On the Optimality of the Simple Bayesian Classifier under Zero-One Loss
TLDR
The Bayesian classifier is shown to be optimal for learning conjunctions and disjunctions, even though they violate the independence assumption, and will often outperform more powerful classifiers for common training set sizes and numbers of attributes, even if its bias is a priori much less appropriate to the domain.