Name
Abstract | ||
|---|---|---|
There is an intrinsic adversarial nature in the security domain such as spam filtering and malware detection systems that attempt to mislead the detection system. This adversarial nature makes security applications different from the classical machine learning problems; for instance, an adversary (attacker) might change the distribution of test data and violate the data stationarity, a common assumption in machine learning techniques. Since machine learning methods are not inherently adversary-aware, a classifier designer should investigate the robustness of a learning system under attack. In this respect, recent studies have modeled the identified attacks against machine learning-based detection systems. Based on this, a classifier designer can evaluate the performance of a learning system leveraging the modeled attacks. Prior research explored a gradient-based approach in order to devise an attack against a classifier with differentiable discriminant function like SVM. However, there are several powerful classifiers with non-differentiable decision boundary such as Random Forest, which are commonly used in different security domain and applications. In this paper, we present a novel approach to model an attack against classifiers with non-differentiable decision boundary. In the experimentation, we first present an example that visually shows the effect of a successful attack on the handwritten digits classification task. Then we conduct experiments for two well-known applications in the security domain: spam filtering and malware detection in PDF files. The experimental results demonstrate that the proposed attack successfully evades Random Forest classifier and effectively degrades the classifier’s performance. |
Year | DOI | Venue |
|---|---|---|
2017 | https://doi.org/10.1007/s10489-017-0907-2 | Appl. Intell. |
Keywords | Field | DocType |
Machine learning,Security application,Evasion attack,Discriminant function,Surrogate classifier | Data mining,Margin (machine learning),MNIST database,Computer science,Artificial intelligence,Classifier (linguistics),Decision boundary,Security domain,Multi-task learning,Pattern recognition,Support vector machine,Margin classifier,Machine learning | Journal |
Volume | Issue | ISSN |
47 | 2 | 0924-669X |
Citations | PageRank | References |
3 | 0.36 | 14 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Zeinab Khorshidpour | 1 | 16 | 1.93 |
| Sattar Hashemi | 2 | 369 | 34.95 |
| Ali Hamzeh | 3 | 214 | 29.47 |