Adversarial Pattern Classification Using Multiple Classifiers and Randomisation

Authors:
Battista Biggio;Giorgio Fumera;Fabio Roli
Affiliations:
Dept. of Electrical and Electronic Eng., University of Cagliari, Cagliari, Italy 09123;Dept. of Electrical and Electronic Eng., University of Cagliari, Cagliari, Italy 09123;Dept. of Electrical and Electronic Eng., University of Cagliari, Cagliari, Italy 09123
Venue:
SSPR & SPR '08 Proceedings of the 2008 Joint IAPR International Workshop on Structural, Syntactic, and Statistical Pattern Recognition
Year:
2008

Citing 11
Cited 2

Bagging predictors

Machine Learning
On Combining Classifiers

IEEE Transactions on Pattern Analysis and Machine Intelligence
The Random Subspace Method for Constructing Decision Forests

IEEE Transactions on Pattern Analysis and Machine Intelligence
Fusion of multiple classifiers for intrusion detection in computer networks

Pattern Recognition Letters
Pattern Classification (2nd Edition)

Pattern Classification (2nd Edition)
Adversarial classification

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Adversarial learning

Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining
Can machine learning be secure?

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Handbook of Multibiometrics (International Series on Biometrics)

Handbook of Multibiometrics (International Series on Biometrics)
Nightmare at test time: robust learning by feature deletion

ICML '06 Proceedings of the 23rd international conference on Machine learning
Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems

ICDM '06 Proceedings of the Sixth International Conference on Data Mining

Multiple classifier systems under attack

MCS'10 Proceedings of the 9th international conference on Multiple Classifier Systems
SOCIAL: self-organizing classifier ensemble for adversarial learning

MCS'10 Proceedings of the 9th international conference on Multiple Classifier Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In many security applications a pattern recognition system faces an adversarial classification problem, in which an intelligent, adaptive adversary modifies patterns to evade the classifier. Several strategies have been recently proposed to make a classifier harder to evade, but they are based only on qualitative and intuitive arguments. In this work, we consider a strategy consisting in hiding information about the classifier to the adversary through the introduction of some randomness in the decision function. We focus on an implementation of this strategy in a multiple classifier system, which is a classification architecture widely used in security applications. We provide a formal support to this strategy, based on an analytical framework for adversarial classification problems recently proposed by other authors, and give an experimental evaluation on a spam filtering task to illustrate our findings.