论文信息 - Bounding an Attack ’ s Complexity for a Simple Learning Model

Bounding an Attack ’ s Complexity for a Simple Learning Model

As machine learning becomes more prevalent as a systems and networking analysis and detection tool, it is becoming an attractive target for attackers who seek to manipulate the system. We examine a naive model for assessing the effectiveness of classifiers against threats poised by adversaries determined to subvert the learner by inserting data designed for this purpose. Based on this model, we analyze the attack in detail, develop bounds on the adversary’s capability, and discuss the implications for the security of learning-based detection systems.

A. Joseph | Blaine Nelson

[1] Leslie G. Valiant,et al. A theory of the learnable , 1984, CACM.

[2] Ming Li,et al. Learning in the presence of malicious errors , 1993, STOC '88.

[3] Bernhard Schölkopf,et al. Estimating the Support of a High-Dimensional Distribution , 2001, Neural Computation.

[4] Philip K. Chan,et al. Learning nonstationary models of normal network traffic for detecting novel attacks , 2002, KDD.

[5] Salvatore J. Stolfo,et al. A Behavior-Based Approach to Securing Email Systems , 2003, MMM-ACNS.

[6] Salvatore J. Stolfo,et al. Detecting Viral Propagations Using Email Behavior Profiles , 2003 .

[7] Nello Cristianini,et al. Kernel Methods for Pattern Analysis , 2004 .

[8] Jeffrey O. Kephart,et al. SpamGuru: An Enterprise Anti-Spam Filtering System , 2004, CEAS.

[9] Tony A. Meyer,et al. SpamBayes: Effective open-source, Bayesian based, email classification system , 2004, CEAS.

[10] Pedro M. Domingos,et al. Adversarial classification , 2004, KDD.

[11] Christopher Meek,et al. Good Word Attacks on Statistical Spam Filters , 2005, CEAS.

[12] Christopher Meek,et al. Adversarial learning , 2005, KDD '05.

[13] Blaine Nelson,et al. Can machine learning be secure? , 2006, ASIACCS '06.

[14] Blaine Nelson,et al. Designing, Implementing, and Analyzing a System for Virus Detection , 2006 .