Title :
On Sparse Feature Attacks in Adversarial Learning
Author :
Fei Wang ; Wei Liu ; Chawla, Sanjay
Author_Institution :
Sch. of Inf. Technol., Univ. of Sydney, Sydney, NSW, Australia
Abstract :
Adversarial learning is the study of machine learning techniques deployed in non-benign environments. Example applications include classifications for detecting spam email, network intrusion detection and credit card scoring. In fact as the gamut of application domains of machine learning grows, the possibility and opportunity for adversarial behavior will only increase. Till now, the standard assumption about modeling adversarial behavior has been to empower an adversary to change all features of the classifiers at will. The adversary pays a cost proportional to the size of "attack". We refer to this form of adversarial behavior as a dense feature attack. However, the aim of an adversary is not just to subvert a classifier but carry out data transformation in a way such that spam continues to appear like spam to the user as much as possible. We demonstrate that an adversary achieves this objective by carrying out a sparse feature attack. We design an algorithm to show how a classifier should be designed to be robust against sparse adversarial attacks. Our main insight is that sparse feature attacks are best defended by designing classifiers which use ℓ1 regularizers.
Keywords :
computer crime; learning (artificial intelligence); pattern classification; unsolicited e-mail; ℓ1 regularizers; adversarial behavior modeling; adversarial learning; attack size; classifier; data transformation; dense feature attack; machine learning techniques; nonbenign environments; spam; sparse adversarial attacks; sparse feature attack; Data models; Electronic mail; Game theory; Games; Logistics; Robustness; Vectors; Adversarial learning; Sparse modelling; l1 regularizer;
Conference_Titel :
Data Mining (ICDM), 2014 IEEE International Conference on
Conference_Location :
Shenzhen
Print_ISBN :
978-1-4799-4303-6
DOI :
10.1109/ICDM.2014.117
