nach oben

International Journal of Machine Learning and Cybernetics

Erschienen in:

01.12.2010 | Original Article

Multiple classifier systems for robust classifier design in adversarial environments

verfasst von: Battista Biggio, Giorgio Fumera, Fabio Roli

Erschienen in: International Journal of Machine Learning and Cybernetics | Ausgabe 1-4/2010

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Pattern recognition systems are increasingly being used in adversarial environments like network intrusion detection, spam filtering and biometric authentication and verification systems, in which an adversary may adaptively manipulate data to make a classifier ineffective. Current theory and design methods of pattern recognition systems do not take into account the adversarial nature of such kind of applications. Their extension to adversarial settings is thus mandatory, to safeguard the security and reliability of pattern recognition systems in adversarial environments. In this paper we focus on a strategy recently proposed in the literature to improve the robustness of linear classifiers to adversarial data manipulation, and experimentally investigate whether it can be implemented using two well known techniques for the construction of multiple classifier systems, namely, bagging and the random subspace method. Our results provide some hints on the potential usefulness of classifier ensembles in adversarial classification tasks, which is different from the motivations suggested so far in the literature.

Vorheriger Artikel Margin-based active learning for structured predictions

Nächster Artikel Understanding bag-of-words model: a statistical framework

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

Jetzt informieren

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

Jetzt informieren

For a detailed list of tests and corresponding weights, see http://spamassassin.apache.org/tests_3_2_x.html.

http://spamassassin.apache.org/full/3.0.x/dist/masses/README.perceptron.

The Apache Spam Assassin Project. http://spamassassin.apache.org/

Barreno M, Nelson B, Sears R, Joseph AD, Tygar JD (2006) Can machine learning be secure? In: ASIACCS ’06: proceeding 2006 ACM symposium on information, computer and communications security, New York, NY, USA. ACM, New York, pp 16–25

Benediktsson JA, Kittler J, Roli F (eds) (2009) Multiple classifier systems, 8th international workshop (MCS 2009). In: Lecture notes in computer science, vol 5519. Springer, New York

Biggio B, Fumera G, Roli F (2008) Adversarial pattern classification using multiple classifiers and randomisation. In: 12th Joint IAPR international workshop on structural and syntactic pattern recognition (SSPR 2008). LNCS, vol 5342. Springer-Verlag, New York, pp 500–509

Biggio B, Fumera G, Roli F (2009) Evade hard multiple classifier systems. In: Okun O, Valentini G (eds) Supervised and unsupervised ensemble methods and their applications. Studies in computational intelligence, vol 245. Springer, Berlin, pp 15–38

Biggio B, Fumera G, Roli F (2009) Multiple classifier systems for adversarial classification tasks. In: Benediktsson JA, Kittler J, Roli F (eds) Multiple classifier systems, 8th international workshop (MCS 2009). Lecture notes in computer science, vol 5519. Springer, New York, pp 132–141

Biggio B, Fumera G, Roli F (2010) Multiple classifier systems under attack. In: Gayar NE, Kittler J, Roli F (eds) MCS. Lecture notes in computer science. Springer, Berlin, pp 74–83

Bishop CM (2007) Pattern recognition and machine learning (Information science and statistics), 1st edn. Springer, Berlin

Breiman L (1996) Bagging predictors. Mach Learn 24(2):123–140MATHMathSciNet

10.

Breiman L (2001) Random forests. Mach Learn 45:5–32MATHCrossRef

11.

Bühlmann P, Yu B (2002) Analyzing bagging. Ann Stat 30(4):927–961MATHCrossRef

12.

Buja A, Stuetzle W (2000) The effect of bagging on variance, bias, and mean squared error. Technical report. AT&T Labs-Research

13.

Cárdenas AA, Baras JS (2006) Evaluation of classifiers: practical considerations for security applications. In: AAAI workshop on evaluation methods for machine learning, Boston, MA, USA

14.

Chang C-C, Lin C-J (2001) LibSVM: a library for support vector machines. http://www.csie.ntu.edu.tw/~cjlin/libsvm/

15.

Cormack GV (2007) Trec 2007 spam track overview. In: Voorhees EM, Buckland LP (eds) TREC, volume special publication 500-274. National Institute of Standards and Technology (NIST)

16.

Cretu GF, Stavrou A, Locasto ME, Stolfo SJ, Keromytis AD (2008) Casting out demons: sanitizing training data for anomaly sensors. In: IEEE symposium on security and privacy, pp 81–95

17.

Dalvi N, Domingos P, Mausam, Sanghai S, Verma D (2004) Adversarial classification. In: Tenth ACM SIGKDD international conference on knowledge discovery and data mining (KDD), Seattle, pp 99–108

18.

Domingos P (1997) Why does bagging work? a bayesian account and its implications. In: Proceedings of 3rd international conference on knowledge discovery and data mining, pp 155–158

19.

Drucker H, Wu D, Vapnik VN (1999) Support vector machines for spam categorization. IEEE Trans Neural Netw 10(5):1048–1054CrossRef

20.

Fogla P, Sharif M, Perdisci R, Kolesnikov O, Lee W (2006) Polymorphic blending attacks. In: USENIX-SS’06: proceedings of 15th conference on USENIX security symposium. USENIX Association

21.

Friedman JH, Hall P (2007) On bagging and nonlinear estimation. J Stat Plan Inference 137(3):669–683. Special issue on nonparametric statistics and related topics: in honor of M.L. Puri

22.

Galbally-Herrero J, Fierrez-Aguilar J, Rodriguez-Gonzalez JD, Alonso-Fernandez F, Ortega-Garcia J, Tapiador M (2006) On the vulnerability of fingerprint verification systems to fake fingerprint attacks. In: Proceedings of IEEE international Carnahan conference on security technology, ICCST, pp 130–136

23.

Gargiulo F, Kuncheva LI, Sansone C. Network protocol verification by a classifier selection ensemble. In: Benediktsson JA, Kittler J, Roli F (eds) (2009) Multiple classifier systems, 8th international workshop (MCS 2009). In: Lecture notes in computer science, vol 5519. Springer, New York, pp 314–323

24.

Globerson A, Roweis ST (2006) Nightmare at test time: robust learning by feature deletion. In: Cohen WW, Moore A (eds) ICML. ACM international conference proceeding series, vol 148. ACM, New York, pp 353–360

25.

Graham P (2002) A plan for spam. http://paulgraham.com/spam.html

26.

Graham-Cumming J (2004) How to beat an adaptive spam filter. In: MIT Spam conference, Cambridge, MA, USA

27.

Grandvalet Y (2004) Bagging equalizes influence. Mach Learn 55:251–270MATHCrossRef

28.

Haindl M, Kittler J, Roli F (eds) (2007) Multiple classifier systems. 7th international workshop, MCS 2007, Prague, Czech Republic, May 23–25, 2007. Proceedings, lecture notes in computer science, vol 4472. Springer, New York

29.

Hershkop S, Stolfo SJ (2005) Combining email models for false positive reduction. In: KDD ’05: Proceedings of 11th ACM SIGKDD international conference on knowledge discovery in data mining. ACM, New York, pp 98–107

30.

Ho TK (1998) The random subspace method for constructing decision forests. IEEE Trans Pattern Anal Mach Intell 20(8):832–844CrossRef

31.

Jorgensen Z, Zhou Y, Inge M (2008) A multiple instance learning strategy for combating good word attacks on spam filters. J Mach Learn Res 9:1115–1146

32.

Kemmerer RA, Vigna G (2002) Intrusion detection: a brief history and overview (supplement to Computer magazine). Computer 35:27–30CrossRef

33.

Kittler J, Hatef M, Duin RP, Matas J (1998) On combining classifiers. IEEE Trans Pattern Anal Mach Intell 20(3):226–239CrossRef

34.

Kloft M, Laskov P. A ’poisoning’ attack against online anomaly detection. In: Laskov P, Lippmann R (eds) Neural information processing systems (NIPS) workshop on machine learning in adversarial environments for computer security. http://mls-nips07.first.fraunhofer.de

35.

Kolcz A, Teo CH (2009) Feature weighting for improved classifier robustness. In: 6th conference on Email and Anti-Spam (CEAS)

36.

Kuncheva LI (2004) Combining pattern classifiers: methods and algorithms. Wiley, HobokenMATHCrossRef

37.

Laskov P, Kloft M (2009) A framework for quantitative security analysis of machine learning. In: AISec ’09: proceedings of 2nd ACM workshop on security and artificial intelligence. ACM, New York, pp 1–4

38.

Laskov P, Lippmann R (eds) (2007) Neural information processing systems (NIPS) workshop on machine learning in adversarial environments for computer security. http://mls-nips07.first.fraunhofer.de

39.

Lewis DD (1992) An evaluation of phrasal and clustered representations on a text categorization task. In: SIGIR ’92: proceedings of 15th annual international ACM SIGIR conference research and development in information retrieval, New York, NY, USA, pp 37–50

40.

Lowd D, Meek C (2005) Adversarial learning. In: Press A (ed) Proceedings of 11th ACM SIGKDD international conference on knowledge discovery and data mining (KDD), pp 641–647

41.

Lowd D, Meek C (2005) Good word attacks on statistical spam filters. In: 2nd conference on Email and Anti-Spam (CEAS)

42.

Meyer TA, Whateley B (2004) Spambayes: effective open-source, bayesian based, email classification system. In: 1st conference on Email and Anti-Spam (CEAS)

43.

Perdisci R, Dagon D, Lee W, Fogla P, Sharif M (2006) Misleading worm signature generators using deliberate noise injection. In: IEEE symposium on security and privacy, pp 15–31

44.

Perdisci R, Gu G, Lee W (2006) Using an ensemble of one-class svm classifiers to harden payload-based anomaly detection systems. In: International conference on data mining (ICDM). IEEE Computer Society, pp 488–498

45.

Rodrigues RN, Ling LL, Govindaraju V (2009) Robustness of multimodal biometric fusion methods against spoof attacks. J Vis Lang Comput 20(3):169–179CrossRef

46.

Ross AA, Nandakumar K, Jain AK (2006) Handbook of multibiometrics. Springer, New York

47.

Skillicorn DB (2009) Adversarial knowledge discovery. IEEE Intell Syst 24:54–61CrossRef

48.

Skurichina M, Duin RPW (1998) Bagging for linear classifiers. Pattern Recognit 31:909–930CrossRef

49.

Skurichina M, Duin RPW (2002) Bagging, boosting and the random subspace method for linear classifiers. Pattern Anal Appl 5(2):121–135MATHCrossRefMathSciNet

50.

Stern H (2008) A survey of modern spam tools. In: 5th conference on Email and Anti-Spam (CEAS)

51.

Sutton C, Sindelar M, McCallum A (2005) Feature bagging: preventing weight undertraining in structured discriminative learning. IR 402, University of Massachusetts

52.

Tran T, Tsai P, Jan T (2008) An adjustable combination of linear regression and modified probabilistic neural network for anti-spam filtering. In: International conference on pattern recognition (ICPR08), pp 1–4

53.

Uludag U, Jain AK (2004) Attacks on biometric systems: a case study in fingerprints. In: Proceedings of SPIE-EI 2004, security, steganography and watermarking of multimedia contents VI, pp 622–633

Titel: Multiple classifier systems for robust classifier design in adversarial environments
verfasst von: Battista Biggio
Giorgio Fumera
Fabio Roli
Publikationsdatum: 01.12.2010
Verlag: Springer-Verlag
Erschienen in: International Journal of Machine Learning and Cybernetics / Ausgabe 1-4/2010
Print ISSN: 1868-8071
Elektronische ISSN: 1868-808X
DOI: https://doi.org/10.1007/s13042-010-0007-7

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Die Gewinner und Laudatoren des Sustainability Award in Automotive 2024/© Uli Regenscheit | ATZlive, Search Icon, Banner Hanser, Dr. Fabian Struck/© Forto Logistics SE & Co., Bau Immobilie/© Gina Sanders / Fotolia, Kundenpotenzial/© Andrii Yalanskyi / Getty Images / iStock, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade, chassis.tech plus 2023/© [M] ATZlive / TÜV SÜD PRODUCT SERVICE GMBH, adäsion-Webinar-Matinee/© krystiannawrocki_ Getty Images

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelectronics worldwide

ATZelektronik

Weitere Artikel der Ausgabe 1-4/2010

Genetic Algorithm-Neural Network (GANN): a study of neural network activation functions and depth of genetic algorithm search applied to feature selection

Optimal production schedule in declining market for an imperfect production system

Full-class set classification using the Hungarian algorithm

Understanding bag-of-words model: a statistical framework

International journal of machine learning and cybernetics

An efficient gene selection technique for cancer recognition based on neighborhood mutual information

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.