Using Machine Learning for Operational Decisions in Adversarial Environments.

Classical supervised learning assumes that the training data are representative of the data that will be observed in the future. This assumption is plainly violated when an intelligent adversary actively tries to deceive the learner by generating instances very different from those previously seen. The literature on adversarial machine learning addresses this problem, but it often assumes constraints on the adversary that a sophisticated and determined attacker need not respect. We model the adversarial machine learning problem with an adversary that is unconstrained but utility-maximizing. In addition, rather than modifying the learning algorithm to make it more robust to adversarial manipulation, we take the output of an arbitrary probabilistic classifier (such as Naive Bayes) and feed it into a linear program that computes optimal randomized operational decisions from the classifier's predictions, the operational constraints, and our adversarial model. Our approach is simpler than its predecessors and highly scalable, and we show experimentally that it outperforms the state of the art on several metrics.
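The following is an added illustration of the decision-layer idea described above; it is not the paper's own formulation, code, or experimental setup. It assumes a small, constructed set of candidate instances, each with a classifier score p_i = P(malicious | x_i), a hypothetical adversary payoff u_i for getting that instance through, and a hypothetical cost c_i of acting on it (inspecting or blocking). The defender commits to a randomized policy q_i = P(act on i); an unconstrained adversary observes q and sends whichever instance maximizes u_i (1 - q_i). The classifier score enters only through the operational constraint: the expected cost of acting on benign traffic, sum_i (1 - p_i) c_i q_i, must stay within a budget B. The defender's linear program is then "minimize t subject to u_i (1 - q_i) <= t for all i, the budget constraint, and 0 <= q_i <= 1". Because, for a fixed cap t, the cheapest feasible policy is q_i = max(0, 1 - t / u_i) and its spend decreases in t, this particular LP is solved exactly by bisection on t, so the example runs without an LP solver. The budget, payoffs, costs and scores are all constructed for the example.

```python
"""Randomized operational decisions computed from probabilistic classifier output.

Illustrative example, not the paper's formulation. Every number below is constructed.
Variables: q_i = P(defender acts on instance i); t = cap on the adversary's payoff.
LP:  minimize t
     s.t.  u_i * (1 - q_i) <= t            for every instance i   (adversary best response)
           sum_i (1 - p_i) * c_i * q_i <= B                        (expected cost on benign traffic)
           0 <= q_i <= 1
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Instance:
    name: str
    p_malicious: float     # output of an arbitrary probabilistic classifier, P(malicious | x)
    adversary_payoff: float  # hypothetical u_i: what the adversary gains if i is not acted on
    action_cost: float       # hypothetical c_i: what acting on i costs the defender


def policy_spend(instances: List[Instance], q: Dict[str, float]) -> float:
    """Expected cost of acting on benign traffic, weighting each action by the benign probability."""
    return sum((1.0 - x.p_malicious) * x.action_cost * q[x.name] for x in instances)


def capped_policy(instances: List[Instance], t: float) -> Dict[str, float]:
    """Cheapest policy that holds every instance's adversary payoff u_i (1 - q_i) at or below t."""
    return {
        x.name: (0.0 if x.adversary_payoff <= 0.0 else max(0.0, 1.0 - t / x.adversary_payoff))
        for x in instances
    }


def adversary_value(instances: List[Instance], q: Dict[str, float]) -> float:
    """Payoff of an unconstrained adversary who sees q and picks the best instance to send."""
    return max(x.adversary_payoff * (1.0 - q[x.name]) for x in instances)


def optimal_policy(instances: List[Instance], budget: float, tol: float = 1e-9) -> Tuple[Dict[str, float], float]:
    """Solve the LP by bisection on t: spend(capped_policy(t)) is non-increasing in t,
    so the smallest t whose cheapest policy fits the budget is the LP optimum."""
    lo, hi = 0.0, max(x.adversary_payoff for x in instances)  # t = max payoff is always feasible (q = 0)
    if policy_spend(instances, capped_policy(instances, lo)) <= budget:
        hi = lo  # budget covers acting on everything: adversary gets nothing
    while hi - lo > tol:
        mid = (lo + hi) / 2.0
        if policy_spend(instances, capped_policy(instances, mid)) <= budget:
            hi = mid   # feasible: try a tighter cap
        else:
            lo = mid   # too expensive: loosen the cap
    q = capped_policy(instances, hi)
    return q, hi


def threshold_policy(instances: List[Instance], threshold: float = 0.5) -> Dict[str, float]:
    """Deterministic baseline: act exactly when the classifier says p >= threshold."""
    return {x.name: (1.0 if x.p_malicious >= threshold else 0.0) for x in instances}


# Constructed sample: scores, payoffs and costs are hypothetical.
SAMPLE = [
    Instance("A", p_malicious=0.95, adversary_payoff=10.0, action_cost=1.0),
    Instance("B", p_malicious=0.70, adversary_payoff=6.0, action_cost=1.0),
    Instance("C", p_malicious=0.10, adversary_payoff=8.0, action_cost=1.0),  # looks benign, high payoff
    Instance("D", p_malicious=0.02, adversary_payoff=2.0, action_cost=1.0),
]
BUDGET = 0.58  # allowed expected cost of acting on benign traffic (constructed)


if __name__ == "__main__":
    q_opt, cap = optimal_policy(SAMPLE, BUDGET)
    q_thr = threshold_policy(SAMPLE)
    print("randomized policy:", {k: round(v, 3) for k, v in q_opt.items()},
          "adversary payoff:", round(adversary_value(SAMPLE, q_opt), 3),
          "spend:", round(policy_spend(SAMPLE, q_opt), 3))
    print("threshold policy: ", q_thr,
          "adversary payoff:", adversary_value(SAMPLE, q_thr),
          "spend:", round(policy_spend(SAMPLE, q_thr), 3))
```

On the constructed sample both policies respect the budget, but the deterministic threshold acts only on the two high-scoring instances, so an adversary who is free to send instance C (scored benign, payoff 8) collects the full 8. The randomized policy spends part of the same budget on C and caps the adversary's best response at 4 for every instance it might choose, which is exactly what the cap t in the LP enforces. The policy is a commitment the adversary is assumed to observe; in a deployment the defender would recompute it whenever the classifier, the costs, or the budget change.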
