Is feature selection secure against training data poisoning?

32nd International Conference on Machine Learning, ICML 2015

Volumn 2, Issue , 2015, Pages 1689-1698

  Xiao, Huang ^a   Biggio, Battista ^b   Brown, Gavin ^c   Fumera, Giorgio ^b   Eckert, Claudia ^a   Roli, Fabio ^b  

^a TECHNICAL UNIVERSITY OF MUNICH   (Germany)

^b UNIVERSITY OF CAGLIARI   (Italy)

^c UNIVERSITY OF MANCHESTER   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTATIONAL EFFICIENCY; LEARNING SYSTEMS; MALWARE; REGRESSION ANALYSIS;

FEATURE SELECTION METHODS; MALWARE DETECTION; NORMAL OPERATIONS; RANDOM CHOICE; RIDGE REGRESSION; SECURITY APPLICATION; TRAINING SAMPLE; TRAINING SETS;

FEATURE EXTRACTION;

EID: 84969900476     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (42)

1. Barreno, Marco, Nelson, Blaine, Sears, Russell, Joseph, Anthony D., and Tygar, J. D. Can machine learning be secure? In ASIACCS, pp. 16-25, NY, USA, 2006. ACM.
2. Barreno, Marco, Nelson, Blaine, Joseph, Anthony, and Tygar, J. The security of machine learning. Machine Learning, 81:121-148, 2010.
3. Biggio, B., Corona, I., Maiorca, D., Nelson, B., Šrndić, N., Laskov, P., Giacinto, G., and Roli, F. Evasion attacks against machine learning at test time. In Blockeel, H. et al. (eds.), ECML PKDD, Part III, vol. 8190 of LNCS, pp. 387-402. Springer Berlin Heidelberg, 2013a.
4. Biggio, Battista, Nelson, Blaine, and Laskov, Pavel. Poisoning attacks against support vector machines. In Lang-ford, J. and Pineau, J. (eds.), 29th Int'l Conf. on Machine Learning, pp. 1807-1814. Omnipress, 2012.
5. Biggio, Battista, Pillai, Ignazio, Bulò, Samuel Rota, Ariu, Davide, Pelillo, Marcello, and Roli, Fabio. Is data clustering in adversarial settings secure? In ACM Workshop on Artificial Intell. and Sec., pp. 87-98, 2013b. ACM.
6. Biggio, Battista, Fumera, Giorgio, and Roli, Fabio. Security evaluation of pattern classifiers under attack. IEEE Trans. Knowl. and Data Eng., 26(4):984-996, 2014.
7. Boyd, Stephen and Vandenberghe, Lieven. Convex Optimization. Cambridge University Press, 2004.
8. Brown, Gavin, Pocock, Adam, Zhao, Ming-Jie, and Luján, Mikel. Conditional likelihood maximisation: A unifying framework for information theoretic feature selection. J. Mach. Learn. Res., 13:27-66, 2012.
9. Brückner, Michael, Kanzow, Christian, and Scheffer, Tobias. Static prediction games for adversarial learning problems. J. Mach. Learn. Res., 13:2617-2654, 2012.
10. Cauwenberghs, Gert and Poggio, Tomaso. Incremental and decremental support vector machine learning. In Leen, T. K. et al. (eds.), NIPS, pp. 409-415. MIT Press, 2000.
11. Dalvi, Nilesh, Domingos, Pedro, Mausam, Sanghai, Sumit, and Verma, Deepak. Adversarial classification. In Knowl. Disc, and Data Mining, pp. 99-108, 2004.
12. Friedman, Jerome H., Hastie, Trevor, and Tibshirani, Rob. Regularization paths for generalized linear models via coordinate descent. J. Stat. Softw., 33(1):1-22, 2 2010.
13. Globerson, Amir and Roweis, Sam T. Nightmare at test time: robust learning by feature deletion. In Cohen, W. and Moore, A. (eds.), 23rd Int'l Conf. on Machine Learning, volume 148, pp. 353-360. ACM, 2006.
14. Graham, Paul. A plan for spam, 2002. URL http://paulgraham.com/spam.html.
15. Hoerl, A. E. and Kennard, R. W. Ridge regression: Biased estimation for nonorthogonal problems. Technometrics, 12(1):55-67, Feb. 1970.
16. Huang, L., Joseph, A. D., Nelson, B., Rubinstein, B., and Tygar, J. D. Adversarial machine learning. In ACM Workshop on Artificial Intell. and Sec., pp. 43-57, Chicago, IL, USA, 2011.
17. IBM. The X-Force threat and risk report. URL http://www-03.ibm.com/security/xforce/.
18. Joseph, Anthony D., Laskov, Pavel, Roli, Fabio, Tygar, J. Doug, and Nelson, Blaine. Machine Learning Methods for Computer Security (Dagstuhl Perspectives Workshop 12371). Dagstuhl Manifestos, 3(1):1-30, 2013.
19. Kloft, M. and Laskov, P. Online anomaly detection under adversarial impact. In 13th Int'l Conf. on Artificial Intell. and Statistics, pp. 405-412, 2010.
20. Kuncheva, Ludmila I. A stability index for feature selection. In Proc. 25th IASTED Int'l Multi-Conf: Artificial Intell. and Applications, pp. 390-395, 2007. ACTA Press.
21. Li, Bo and Vorobeychik, Yevgeniy. Feature cross-substitution in adversarial classification. In Ghahramani, Z. et al. (eds.), NIPS 27, pp. 2087-2095. Curran Associates, Inc., 2014.
22. Lowd, Daniel and Meek, Christopher. Adversarial learning. In Proc. 11th ACM SIGKDD Int'l Conf. on Knowl. Disc, and Data Mining, pp. 641-647, 2005. ACM Press.
23. Maiorca, Davide, Giacinto, Giorgio, and Corona, Igino. A pattern recognition system for malicious PDF files detection. In Perner, P. (ed.), MLDM, vol. 7376 of LNCS, pp. 510-524. Springer Berlin Heidelberg, 2012.
24. Maiorca, Davide, Corona, Igino, and Giacinto, Giorgio. Looking at the bag is not enough to find the bomb: an evasion of structural methods for malicious pdf files detection. In ASIACCS, pp. 119-130, 2013. ACM.
25. McCallum, A. and Nigam, K. A comparison of event models for naive bayes text classification. In Proc. AAAI Workshop Learn, for Text Categoriz., pp. 41-48, 1998.
26. Mei, Shike and Zhu, Xiaojin. The security of latent dirichlet allocation. In 18th Int'l Conf. on Artificial Intell. and Statistics, 2015.
27. Nasrabadi, Nasser M., Tran, Trac D., and Nguyen, Nam. Robust lasso with missing and grossly corrupted observations. In Shawe-Taylor, J. et al. (eds.), NIPS 24, pp. 1881-1889. Curran Associates, Inc., 2011.
28. Natarajan, B. K. Sparse approximate solutions to linear systems. SIAM J. Comput., 24(2):227-234, April 1995.
29. Nelson, Blaine, Barreno, Marco, Chi, Fuching Jack, Joseph, Anthony D., Rubinstein, Benjamin I. P., Saini, Udam, Sutton, Charles, Tygar, J. D., and Xia, Kai. Exploiting machine learning to subvert your spam filter. In 1st Workshop on Large-Scale Exploits and Emergent Threats, pp. 1-9, 2008. USENIX Association.
30. Nguyen, N.H. and Tran, T.D. Robust lasso with missing and grossly corrupted observations. IEEE Trans. Inf. Theor., 59(4):2036-2058, 2013.
31. Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cour-napeau, D., Brucher, M., Perrot, M., and Duchesnay, E. Scikit-learn: Machine learning in Python. J. Mach. Learn. Res., 12:2825-2830, 2011.
32. Robinson, Gary. A statistical approach to the spam problem. Linux J., 2003(107):3, 2003.
33. Rubinstein, Benjamin I.P., Nelson, Blaine, Huang, Ling, Joseph, Anthony D., Lau, Shing-hon, Rao, Satish, Taft, Nina, and Tygar, J. D. Antidote: understanding and defending against poisoning of anomaly detectors. In 9th Internet Meas. Conf, pp. 1-14, 2009. ACM.
34. Sahami, M., Dumais, S., Heckerman, D., and Horvitz, E. A Bayesian approach to filtering junk e-mail. AAAI Technical Report WS-98-05, Madison, Wisconsin, 1998.
35. Smutz, Charles and Stavrou, Angelos. Malicious PDF detection using metadata and structural features. In 28th Annual Computer Security Applications Conf, pp. 239-248, 2012. ACM.
36. Spitzner, Lance. Honeypots: Tracking Hackers. Addison-Wesley Professional, 2002.
37. Teo, Choon Hui, Globerson, Amir, Roweis, Sam, and Smola, Alex. Convex learning with invariances. In NIPS 20, pp. 1489-1496. MIT Press, 2008.
38. Tibshirani, R. Regression shrinkage and selection via the lasso. J. Royal Stat. Soc. (Ser. B), 58:267-288, 1996.
39. Šrndić, Nedim and Laskov, Pavel. Detection of malicious pdf files based on hierarchical document structure. In NDSS. The Internet Society, 2013.
40. Wang, Fei, Liu, Wei, and Chawla, Sanjay. On sparse feature attacks in adversarial learning. In IEEE Int'l Conf. on Data Mining (ICDM), pp. 1013-1018. IEEE, 2014.
41. Zhang, F., Chan, P.P.K., Biggio, B., Yeung, D.S., and Roli, F. Adversarial feature selection against evasion attacks. IEEE Trans, on Cybernetics, PP(99):1-1, 2015.
42. Zou, Hui and Hastie, Trevor. Regularization and variable selection via the elastic net. J. Royal Stat. Soc. (Ser. B), 67(2):301-320, 2005.