Scalable Optimization of Randomized Operational Decisions in Adversarial Classification Settings

When learning, such as classification, is used in adversarial settings, such as intrusion detection, intelligent adversaries will attempt to evade the resulting policies. The literature on adversarial machine learning aims to develop learning algorithms that are robust to such adversarial evasion, but it exhibits two significant limitations: a) failure to account for operational constraints and b) a restriction that decisions are deterministic. To overcome these limitations, we introduce a conceptual separation between learning, used to infer attacker preferences, and operational decisions, which account for adversarial evasion, enforce operational constraints, and naturally admit randomization. Our approach gives rise to an intractably large linear program. To overcome scalability limitations, we introduce a novel method for estimating a compact parity basis representation for the operational decision function. Additionally, we develop an iterative constraint generation approach that embeds the adversary’s best response calculation, arriving at a scalable algorithm for computing near-optimal randomized operational decisions. Extensive experiments demonstrate the efficacy of our approach.
