Randomized Prediction Games for Adversarial Machine Learning

Biggio, Battista; Pillai, Ignazio; Roli, Fabio
2017

Abstract

In spam and malware detection, attackers exploit randomization to obfuscate malicious data and increase their chances of evading detection at test time; e.g., malware code is typically obfuscated using random strings or byte sequences to hide known exploits. Interestingly, randomization has also been proposed to improve the security of learning algorithms against evasion attacks, as it hides information about the classifier from the attacker. Recent work has proposed game-theoretical formulations to learn secure classifiers, by simulating different evasion attacks and modifying the classification function accordingly. However, both the classification function and the simulated data manipulations have been modeled in a deterministic manner, without accounting for any form of randomization. In this paper, we overcome this limitation by proposing a randomized prediction game, namely, a noncooperative game-theoretic formulation in which the classifier and the attacker make randomized strategy selections according to some probability distribution defined over their respective strategy sets. We show that our approach improves the tradeoff between attack detection and false alarms with respect to state-of-the-art secure classifiers, even against attacks that differ from those hypothesized at design time, on application examples including handwritten digit recognition, spam, and malware detection.
2016
Language: eng
Volume: 28
Issue: 11
Pages: 2466-2478 (13 pages)
Journal: http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=5962385
Anonymous experts
International
Scientific
Artificial Intelligence; Computer Networks and Communications; Computer Science Applications; Computer Vision and Pattern Recognition; Software
no
Rota Bulò, S; Biggio, Battista; Pillai, Ignazio; Pelillo, M; Roli, Fabio
1.1 Journal article
info:eu-repo/semantics/article
1 Journal contribution::1.1 Journal article
262
5
partially_open
Files in this product:

File | Size | Format
Randomized Prediction Games for Adversarial Machine Learning.pdf (publisher version; not available, request a copy) | 1.55 MB | Adobe PDF
1609.00804.pdf (pre-print version; open access) | 1.57 MB | Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
