An Improved Reject on Negative Impact Defense

Causative attacks, in which training samples are manipulated to mislead the learning of a classifier, are a common scenario in adversarial learning. One countermeasure is data sanitization, which removes suspected attack or noisy samples before training. Data sanitization methods can be categorized as classifier-independent or classifier-dependent: classifier-independent methods measure characteristics of the samples themselves, whereas classifier-dependent methods train classifiers to evaluate the samples. Although classifier-dependent methods achieve higher accuracy, they are more time-consuming than classifier-independent methods. This paper proposes a data sanitization method that uses both classifier-dependent and classifier-independent information. Instead of evaluating one sample at a time, the Reject on Negative Impact (RONI) defense is extended to consider sets of similar samples identified by the relative neighborhood graph. Experimental results suggest that the proposed method performs comparably to RONI while requiring less computation time.
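The abstract describes the method only at a high level; the following Python sketch illustrates one way the group-based RONI idea could be realized, under stated assumptions that are not taken from the paper: candidate groups are formed as connected components of the same-label subgraph of the relative neighborhood graph, a k-NN base learner stands in for the classifier, and a group is accepted when adding it to the trusted set does not lower validation accuracy. The function names (rng_groups, sanitize) and the tolerance parameter tol are hypothetical.

# Minimal sketch (not the authors' code) of a group-based Reject on Negative
# Impact (RONI) style sanitization. Grouping rule and base learner are
# illustrative assumptions, not the paper's exact algorithm.
import numpy as np
from scipy.spatial.distance import cdist
from sklearn.neighbors import KNeighborsClassifier
from sklearn.metrics import accuracy_score


def rng_groups(X, y):
    """Groups of similar, same-labelled samples: connected components of the
    relative neighborhood graph (RNG) after removing edges between classes.
    This grouping rule is an assumption for illustration."""
    d = cdist(X, X)
    n = len(X)
    adj = np.zeros((n, n), dtype=bool)
    for i in range(n):
        for j in range(i + 1, n):
            if y[i] != y[j]:
                continue  # keep only same-label RNG edges
            # RNG edge: no third point is closer to both i and j than
            # they are to each other.
            if not any(max(d[i, k], d[j, k]) < d[i, j]
                       for k in range(n) if k not in (i, j)):
                adj[i, j] = adj[j, i] = True
    # Depth-first search to extract connected components as groups.
    groups, seen = [], set()
    for s in range(n):
        if s in seen:
            continue
        stack, comp = [s], []
        while stack:
            v = stack.pop()
            if v in seen:
                continue
            seen.add(v)
            comp.append(v)
            stack.extend(np.flatnonzero(adj[v]))
        groups.append(comp)
    return groups


def sanitize(X_trust, y_trust, X_cand, y_cand, X_val, y_val, tol=0.0):
    """Keep candidate groups whose inclusion does not reduce validation
    accuracy (a simplified RONI-style acceptance test)."""
    base = KNeighborsClassifier(n_neighbors=3).fit(X_trust, y_trust)
    base_acc = accuracy_score(y_val, base.predict(X_val))
    keep = []
    for group in rng_groups(X_cand, y_cand):
        Xg, yg = X_cand[group], y_cand[group]
        clf = KNeighborsClassifier(n_neighbors=3).fit(
            np.vstack([X_trust, Xg]), np.concatenate([y_trust, yg]))
        acc = accuracy_score(y_val, clf.predict(X_val))
        if acc >= base_acc - tol:   # no negative impact: accept the group
            keep.extend(group)
    return np.array(sorted(int(i) for i in keep))

Because the acceptance test in this sketch runs once per group rather than once per candidate sample, the number of retrainings drops from the number of candidates to the number of groups, which is consistent with the abstract's claim of lower time cost than the original per-sample RONI.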
