One-and-a-half-class multiple classifier systems for secure learning against evasion attacks at test time
AbstractPattern classifiers have been widely used in adversarial settings like spam and malware detection, although they have not been originally designed to cope with intelligent attackers that manipulate data at test time to evade detection. While a number of adversary-aware learning algorithms have been proposed, they are computationally demanding and aim to counter specific kinds of adversarial data manipulation. In this work, we overcome these limitations by proposing a multiple classifier system capable of improving security against evasion attacks at test time by learning a decision function that more tightly encloses the legitimate samples in feature space, without significantly compromising accuracy in the absence of attack. Since we combine a set of one-class and two-class classifiers to this end, we name our approach one-and-a-halfclass (1.5C) classification. Our proposal is general and it can be used to improve the security of any classifier against evasion attacks at test time, as shown by the reported experiments on spam and malware detection
Solo gestori archivio
Type: versione editoriale
Size 463.78 kB
Format Adobe PDF
|463.78 kB||Adobe PDF||& nbsp; View / Open Request a copy|
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.