Support vector machines under adversarial label contamination

Neurocomputing

Volumn 160, Issue , 2015, Pages 53-62

  Xiao, Huang ^a   Biggio, Battista ^b   Nelson, Blaine ^b   Xiao, Han ^a   Eckert, Claudia ^a   Roli, Fabio ^b  

^a TECHNICAL UNIVERSITY OF MUNICH   (Germany)

^b UNIVERSITY OF CAGLIARI   (Italy)

Author keywords

Adversarial learning; Label flip attacks; Label noise; Support vector machines

Indexed keywords

CLASSIFICATION (OF INFORMATION); HEURISTIC METHODS; LEARNING SYSTEMS; MALWARE; SEMI-SUPERVISED LEARNING; SUPPORT VECTOR MACHINES;

ADVERSARIAL LEARNING; CLASSIFICATION ERRORS; EXPERIMENTAL ANALYSIS; MACHINE LEARNING TECHNIQUES; OPTIMAL ATTACK STRATEGIES; REAL-WORLD DATASETS; SECURITY PROPERTIES; SUPPORT VECTOR MACHINE (SVMS);

LEARNING ALGORITHMS;

ADVERSARIAL LABEL NOISE; ALGORITHM; ANALYSIS; ARTICLE; ATTACK ALGORITHM; CLASSIFICATION ALGORITHM; CLASSIFICATION ERROR; CLASSIFIER; CORRELATION ANALYSIS; ERROR; EXTENSIVE EXPERIMENTAL ANALYSIS; GRADIENT ASCENT ALGORITHM; HYPERPLANE TILTING; HYPOTHESIS; LEARNING ALGORITHM; NOISE; PRIORITY JOURNAL; STATISTICAL PARAMETERS; SUPPORT VECTOR MACHINE;

EID: 84927965371     PISSN: 09252312     EISSN: 18728286     Source Type: Journal    
DOI: 10.1016/j.neucom.2014.08.081     Document Type: Article

References (45)

1. M. Barreno, B. Nelson, R. Sears, A.D. Joseph, J.D. Tygar, Can machine learning be secure? in: ASIACCS '06: Proceedings of the ACM Symposium on Information, Computer and Communication Security, ACM, NY, USA, 2006, pp. 16-25.
2. Barreno M., Nelson B., Joseph A., Tygar J. The security of machine learning. Mach. Learn. 2010, 81:121-148.
3. L. Huang, A.D. Joseph, B. Nelson, B. Rubinstein, J.D. Tygar, Adversarial machine learning, in: 4th ACM Workshop on Artificial Intelligence and Security, Chicago, IL, USA, 2011, pp. 43-57.
4. Biggio B., Fumera G., Roli F. Security evaluation of pattern classifiers under attack. IEEE Trans. Knowl. Data Eng. 2014, 26:984-996.
5. B. Nelson, M. Barreno, F.J. Chi, A.D. Joseph, B.I.P. Rubinstein, U. Saini, C. Sutton, J.D. Tygar, K. Xia, Exploiting machine learning to subvert your spam filter, in: 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, USENIX Association, CA, USA, 2008, pp. 1-9.
6. B. Nelson, M. Barreno, F. JackChi, A.D. Joseph, B.I.P. Rubinstein, U. Saini, C. Sutton, J.D. Tygar, K. Xia, Misleading learners: Co-opting your spam filter, in: Machine Learning in Cyber Trust, Springer US, 2009, pp. 17-51.
7. B.I. Rubinstein, B. Nelson, L. Huang, A.D. Joseph, S.-h. Lau, S. Rao, N. Taft, J.D. Tygar, Antidote: understanding and defending against poisoning of anomaly detectors, in: 9th ACM SIGCOMM Internet Measurement Conference, IMC '09, ACM, New York, NY, USA, 2009, pp. 1-14.
8. B. Biggio, G. Fumera, F. Roli, L. Didaci, Poisoning adaptive biometric systems, in: G. Gimel'farb, E. Hancock, A. Imiya, A. Kuijper, M. Kudo, S. Omachi, T. Windeatt, K. Yamada (Eds.), Structural, Syntactic, and Statistical Pattern Recognition, Lecture Notes in Computer Science, vol. 7626, Springer, Berlin, Heidelberg, 2012, pp. 417-425.
9. B. Biggio, L. Didaci, G. Fumera, F. Roli, Poisoning attacks to compromise face templates, in: 6th IAPR International Conference on Biometrics, Madrid, Spain, 2013, pp. 1-7.
10. M. Kloft, P. Laskov, Online anomaly detection under adversarial impact, in: 13th International Conference on Artificial Intelligence and Statistics, 2010, pp. 405-412.
11. Kloft M., Laskov P. Security analysis of online centroid anomaly detection. J. Mach. Learn. Res. 2012, 13:3647-3690.
12. B. Biggio, B. Nelson, P. Laskov, Poisoning attacks against support vector machines, in: J. Langford, J. Pineau (Eds.), 29th International Conference on Machine Learning, Omnipress, Edinburgh, Scotland, 2012.
13. Biggio B., Corona I., Nelson B., Rubinstein B., Maiorca D., Fumera G., Giacinto G., Roli F. Security evaluation of support vector machines in adversarial environments. Support Vector Machines Applications 2014, 105-153. Springer International Publishing, Switzerland. Y. Ma, G. Guo (Eds.).
14. B. Biggio, I. Corona, D. Maiorca, B. Nelson, N. Šrndić, P. Laskov, G. Giacinto, F. Roli, Evasion attacks against machine learning at test time, in: H. Blockeel, K. Kersting, S. Nijssen, F. Železný (Eds.), European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML PKDD), Part III, Lecture Notes in Computer Science, vol. 8190, Springer, Berlin, Heidelberg, 2013, pp. 387-402.
15. N. Dalvi, P. Domingos, Mausam, S. Sanghai, D. Verma, Adversarial classification, in: 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Seattle, 2004, pp. 99-108.
16. D. Lowd, C. Meek, Adversarial learning, in: A. Press (Ed.), Proceedings of the Eleventh ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), Chicago, IL, 2005, pp. 641-647.
17. Nelson B., Rubinstein B.I., Huang L., Joseph A.D., Lee S.J., Rao S., Tygar J.D. Query strategies for evading convex-inducing classifiers. J. Mach. Learn. Res. 2012, 13:1293-1332.
18. B. Biggio, I. Pillai, S.R. Bulò, D. Ariu, M. Pelillo, F. Roli, Is data clustering in adversarial settings secure?, in: Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, ACM, NY, USA, 2013, pp. 87-98.
19. Biggio B., Bulò S.R., Pillai I., Mura M., Mequanint E.Z., Pelillo M., Roli F. Poisoning complete-linkage hierarchical clustering. Joint IAPR International Workshop on Structural, Syntactic, and Statistical Pattern Recognition, Lecture Notes in Computer Science 2014, vol. 8621:42-52. Springer Berlin Heidelberg, Joensuu, Finland.
20. A. Globerson, S.T. Roweis, Nightmare at test time: robust learning by feature deletion, in: W.W. Cohen, A. Moore (Eds.), Proceedings of the 23rd International Conference on Machine Learning, vol. 148, ACM, Pittsburgh, Pennsylvania, USA, 2006, pp. 353-360.
21. Teo C.H., Globerson A., Roweis S., Smola A. Convex learning with invariances. NIPS 20 2008, 1489-1496. MIT Press, Cambridge, MA. J. Platt, D. Koller, Y. Singer, S. Roweis (Eds.).
22. Brückner M., Kanzow C., Scheffer T. Static prediction games for adversarial learning problems. J. Mach. Learn. Res. 2012, 13:2617-2654.
23. B. Biggio, G. Fumera, F. Roli, Design of robust classifiers for adversarial environments, in: IEEE International Conference on Systems, Man, and Cybernetics, 2011, pp. 977-982.
24. Rodrigues R.N., Ling L.L., Govindaraju V. Robustness of multimodal biometric fusion methods against spoof attacks. J. Vis. Lang. Comput. 2009, 20:169-179.
25. A. Kolcz, C.H. Teo, Feature weighting for improved classifier robustness, in: 6th Conference on Email and Anti-Spam, Mountain View, CA, USA, 2009.
26. B. Biggio, G. Fumera, F. Roli, Multiple classifier systems under attack, in: N.E. Gayar, J. Kittler, F. Roli (Eds.), 9th International Workshop on Multiple Classifier Systems, Lecture Notes in Computer Science, vol. 5997, Springer, Cairo, Egypt, 2010, pp. 74-83.
27. Biggio B., Fumera G., Roli F. Multiple classifier systems for robust classifier design in adversarial environments. Int. J. Mach. Learn. Cybern. 2010, 1:27-41.
28. G.F. Cretu, A. Stavrou, M.E. Locasto, S.J. Stolfo, A.D. Keromytis, Casting out demons: sanitizing training data for anomaly sensors, in: IEEE Symposium on Security and Privacy, IEEE Computer Society, Los Alamitos, CA, USA, 2008, pp. 81-95.
29. B. Biggio, I. Corona, G. Fumera, G. Giacinto, F. Roli, Bagging classifiers for fighting poisoning attacks in adversarial environments, in: C. Sansone, J. Kittler, F. Roli (Eds.), 10th International Workshop on Multiple Classifier Systems, Lecture Notes in Computer Science, vol. 6713, Springer-Verlag, Naples, Italy, 2011, pp. 350-359.
30. Christmann A., Steinwart I. On robust properties of convex risk minimization methods for pattern recognition. J. Mach. Learn. Res. 2004, 5:1007-1034.
31. Kearns M., Li M. Learning in the presence of malicious errors. SIAM J. Comput. 1993, 22:807-837.
32. Frenay B., Verleysen M. Classification in the presence of label noise. a survey. IEEE Trans. Neural Netw. Learn. Syst. 2014, 35(5):845-869.
33. N. Bshouty, N. Eiron, E. Kushilevitz, Pac learning with nasty noise, in: O. Watanabe, T. Yokomori (Eds.), Algorithmic Learning Theory, Lecture Notes in Computer Science, vol. 1720, Springer, Berlin, Heidelberg, 1999, pp. 206-218.
34. B. Biggio, B. Nelson, P. Laskov, Support vector machines under adversarial label noise, in: J. Mach. Learn. Res. - Proceedings of 3rd Asian Conference on Machine Learning, vol. 20, 2011, pp. 97-112.
35. H. Xiao, H. Xiao, C.Eckert, Adversarial label flips attack on support vector machines, in: 20th European Conference on Artificial Intelligence, 2012.
36. C. Smutz, A. Stavrou, Malicious pdf detection using metadata and structural features, in: Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC '12, ACM, New York, NY, USA, 2012, pp. 239-248.
37. G. Wang, T. Wang, H. Zheng, B.Y. Zhao, Man vs. machine: practical adversarial detection of malicious crowdsourcing workers, in: 23rd USENIX Security Symposium, USENIX Association, CA, 2014.
38. Cauwenberghs G., Poggio T. Incremental and decremental support vector machine learning. NIPS 2000, 409-415. MIT Press, Portland, Oregon. T.K. Leen, T.G. Dietterich, V. Tresp (Eds.).
39. C.P. Diehl, G. Cauwenberghs, SVM incremental learning, adaptation and optimization, in: International Journal Conference on Neural Networks, 2003, pp. 2685-2690.
40. Vapnik V.N. The Nature of Statistical Learning Theory 1995, Springer-Verlag New York, Inc., New York, NY, USA.
41. C.-C. Chang, C.-J. Lin, LibSVM: a library for support vector machines, 2001. URL: http://www.csie.ntu.edu.tw/cjlin/libsvm/.
42. Lütkepohl H. Handbook of Matrices 1996, John Wiley & Sons, New York.
43. Scheinberg K. An efficient implementation of an active set method for svms. J. Mach. Learn. Res. 2006, 7:2237-2257.
44. B. Nelson, B. Biggio, P. Laskov, Understanding the risk factors of learning in adversarial environments, in: 4th ACM Workshop on Artificial Intelligence and Security, AISec '11, Chicago, IL, USA, 2011, pp. 87-92.
45. G. Stempfel, L. Ralaivola, Learning svms from sloppily labeled data, in: Proceedings of the 19th International Conference on Artificial Neural Networks: Part I, ICANN '09, Springer-Verlag, Berlin, Heidelberg, 2009, pp. 884-893.