Multiple classifier systems under attack

Authors:
Battista Biggio;Giorgio Fumera;Fabio Roli
Affiliations:
Dept. of Electrical and Electronic Eng., Univ. of Cagliari, Cagliari, Italy;Dept. of Electrical and Electronic Eng., Univ. of Cagliari, Cagliari, Italy;Dept. of Electrical and Electronic Eng., Univ. of Cagliari, Cagliari, Italy
Venue:
MCS'10 Proceedings of the 9th international conference on Multiple Classifier Systems
Year:
2010

Citing 15
Cited 3

Bagging predictors

Machine Learning
On Combining Classifiers

IEEE Transactions on Pattern Analysis and Machine Intelligence
The Random Subspace Method for Constructing Decision Forests

IEEE Transactions on Pattern Analysis and Machine Intelligence
Fusion of multiple classifiers for intrusion detection in computer networks

Pattern Recognition Letters
Adversarial classification

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Combining email models for false positive reduction

Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining
Adversarial learning

Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining
Can machine learning be secure?

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Handbook of Multibiometrics (International Series on Biometrics)

Handbook of Multibiometrics (International Series on Biometrics)
Nightmare at test time: robust learning by feature deletion

ICML '06 Proceedings of the 23rd international conference on Machine learning
On-line spam filter fusion

SIGIR '06 Proceedings of the 29th annual international ACM SIGIR conference on Research and development in information retrieval
Using an Ensemble of One-Class SVM Classifiers to Harden Payload-based Anomaly Detection Systems

ICDM '06 Proceedings of the Sixth International Conference on Data Mining
Adversarial Pattern Classification Using Multiple Classifiers and Randomisation

SSPR & SPR '08 Proceedings of the 2008 Joint IAPR International Workshop on Structural, Syntactic, and Statistical Pattern Recognition
Multiple Classifier Systems for Adversarial Classification Tasks

MCS '09 Proceedings of the 8th International Workshop on Multiple Classifier Systems
Support vector machines for spam categorization

IEEE Transactions on Neural Networks

Classifier evasion: models and open problems

PSDML'10 Proceedings of the international ECML/PKDD conference on Privacy and security issues in data mining and machine learning
Pruned random subspace method for one-class classifiers

MCS'11 Proceedings of the 10th international conference on Multiple classifier systems
Adversarial machine learning

Proceedings of the 4th ACM workshop on Security and artificial intelligence

Quantified Score

Hi-index	0.00

Visualization

Abstract

In adversarial classification tasks like spam filtering, intrusion detection in computer networks and biometric authentication, a pattern recognition system must not only be accurate, but also robust to manipulations of input samples made by an adversary to mislead the system itself. It has been recently argued that the robustness of a classifier could be improved by avoiding to overemphasize or underemphasize input features on the basis of training data, since at operation phase the feature importance may change due to modifications introduced by the adversary. In this paper we empirically investigate whether the well known bagging and random subspace methods allow to improve the robustness of linear base classifiers by producing more uniform weight values. To this aim we use a method for performance evaluation of a classifier under attack that we are currently developing, and carry out experiments on a spam filtering task with several linear base classifiers.