Publication:
Perspectives on Adversarial Classification

Full text at PDC
Publication Date
2020-11-05
Publisher
MDPI
Abstract
Adversarial classification (AC) is a major subfield within the increasingly important domain of adversarial machine learning (AML). So far, most approaches to AC have followed a classical game-theoretic framework. This requires unrealistic common knowledge conditions untenable in the security settings typical of the AML realm. After reviewing such approaches, we present alternative perspectives on AC based on adversarial risk analysis.
Citation
Mathematics 2020, 8, 1957