Article

Adversarial learning

Authors:

Daniel Lowd,

Christopher MeekAuthors Info & Claims

KDD '05: Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining

Pages 641 - 647

https://doi.org/10.1145/1081870.1081950

Published: 21 August 2005 Publication History

Get Access

Abstract

Many classification tasks, such as spam filtering, intrusion detection, and terrorism detection, are complicated by an adversary who wishes to avoid detection. Previous work on adversarial classification has made the unrealistic assumption that the attacker has perfect knowledge of the classifier [2]. In this paper, we introduce the adversarial classifier reverse engineering (ACRE) learning problem, the task of learning sufficient information about a classifier to construct adversarial attacks. We present efficient algorithms for reverse engineering linear classifiers with either continuous or Boolean features and demonstrate their effectiveness using real data from the domain of spam filtering.

References

[1]

D. Angluin. Queries and concept learning. Machine Learning, 2(4):319--342, 1988.

Crossref

Google Scholar

[2]

N. Dalvi, P. Domingos, Mausam, S. Sanghai, and D. Verma. Adversarial classification. In KDD '04: Proceedings of the 2004 ACM SIGKDD international conference on Knowledge discovery and data mining, pages 99--108. ACM Press, 2004.

Digital Library

Google Scholar

[3]

D. Lowd and C. Meek. Good word attacks on statistical spam filters. In Proceedings of the Second Conference on Email and Anti-Spam, Palo Alto, CA, 2005.

Google Scholar

[4]

M. Sahami, S. Dumais, D. Heckerman, and E. Horvitz. A Bayesian approach to filtering junk E-mail. In Learning for Text Categorization: Papers from the 1998 Workshop, Madison, Wisconsin, 1998. AAAI Technical Report WS-98-05.

Google Scholar

[5]

S. Tzu. The art of war, 500bc.

Google Scholar

[6]

L. G. Valiant. A theory of the learnable. Communications of the ACM, 27(11):1134--1142, 1984.

Digital Library

Google Scholar

[7]

L. Zhang and T. Yao. Filtering junk mail with a maximum entropy model. In ICCPOL2003, pages 446--453, ShenYang, China, 2003.

Google Scholar

Cited By

View all

Liu RMatuszek CNicholas C(2024)An Efficient PDF Malware Detection Method Using Highly Compact FeaturesProceedings of the ACM Symposium on Document Engineering 202410.1145/3685650.3685668(1-4)Online publication date: 20-Aug-2024
https://dl.acm.org/doi/10.1145/3685650.3685668
Schröder JBreier J(2024)RMF: A Risk Measurement Framework for Machine Learning ModelsProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670867(1-6)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670867
Babaagba KMurali RThomson SLi XHandl J(2024)Exploring the use of fitness landscape analysis for understanding malware evolutionProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3638530.3664094(77-78)Online publication date: 14-Jul-2024
https://dl.acm.org/doi/10.1145/3638530.3664094
Show More Cited By

Index Terms

Adversarial learning
1. Computing methodologies
  1. Machine learning
2. Theory of computation
  1. Design and analysis of algorithms

Recommendations

Malware Detection in Adversarial Settings: Exploiting Feature Evolutions and Confusions in Android Apps
ACSAC '17: Proceedings of the 33rd Annual Computer Security Applications Conference

Existing techniques on adversarial malware generation employ feature mutations based on feature vectors extracted from malware. However, most (if not all) of these techniques suffer from a common limitation: feasibility of these attacks is unknown. The ...
Ensembles in adversarial classification for spam
CIKM '09: Proceedings of the 18th ACM conference on Information and knowledge management

The standard method for combating spam, either in email or on the web, is to train a classifier on manually labeled instances. As the spammers change their tactics, the performance of such classifiers tends to decrease over time. Gathering and labeling ...
Optimal randomized classification in adversarial settings
AAMAS '14: Proceedings of the 2014 international conference on Autonomous agents and multi-agent systems

The problem of learning to distinguish good inputs from malicious has come to be known as adversarial classification emphasizing the fact that, unlike traditional classification, the adversary can manipulate input instances to avoid being so classified. ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

KDD '05: Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining

August 2005

844 pages

ISBN:159593135X

DOI:10.1145/1081870

General Chair:
Robert Grossman
University of Illinois at Chicago & Open Data Partners, USA
,
Program Chairs:
Roberto Bayardo
IBM Almaden Research, USA
,
Kristin Bennett
RPI, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 August 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

KDD05

Sponsor:

KDD05: The Eleventh ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

August 21 - 24, 2005

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 1,003 of 6,772 submissions, 15%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

448
Total Citations
View Citations
3,139
Total Downloads

Downloads (Last 12 months)242
Downloads (Last 6 weeks)32

Reflects downloads up to 30 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Liu RMatuszek CNicholas C(2024)An Efficient PDF Malware Detection Method Using Highly Compact FeaturesProceedings of the ACM Symposium on Document Engineering 202410.1145/3685650.3685668(1-4)Online publication date: 20-Aug-2024
https://dl.acm.org/doi/10.1145/3685650.3685668
Schröder JBreier J(2024)RMF: A Risk Measurement Framework for Machine Learning ModelsProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670867(1-6)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670867
Babaagba KMurali RThomson SLi XHandl J(2024)Exploring the use of fitness landscape analysis for understanding malware evolutionProceedings of the Genetic and Evolutionary Computation Conference Companion10.1145/3638530.3664094(77-78)Online publication date: 14-Jul-2024
https://dl.acm.org/doi/10.1145/3638530.3664094
Peck JGoossens BSaeys Y(2024)An Introduction to Adversarially Robust Deep LearningIEEE Transactions on Pattern Analysis and Machine Intelligence10.1109/TPAMI.2023.333108746:4(2071-2090)Online publication date: Apr-2024
https://doi.org/10.1109/TPAMI.2023.3331087
Rao NMa CHe F(2024)Game Strategies for Data Transfer Infrastructures Against ML-Profile ExploitsIEEE Transactions on Machine Learning in Communications and Networking10.1109/TMLCN.2024.34178892(925-938)Online publication date: 2024
https://doi.org/10.1109/TMLCN.2024.3417889
Peng DKe QAmbikapathi AYazici YLei YLiu J(2024)Unsupervised Domain Adaptation via Domain-Adaptive DiffusionIEEE Transactions on Image Processing10.1109/TIP.2024.342498533(4245-4260)Online publication date: 2024
https://doi.org/10.1109/TIP.2024.3424985
Sadeghzadeh ASobhanian ADehghan FJalili R(2024)HODA: Hardness-Oriented Detection of Model Extraction AttacksIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.332060919(1429-1439)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3320609
Zhang ZLiu MSun MDeng RCheng PNiyato DChow MChen J(2024)Vulnerability of Machine Learning Approaches Applied in IoT-Based Smart Grid: A ReviewIEEE Internet of Things Journal10.1109/JIOT.2024.334938111:11(18951-18975)Online publication date: 1-Jun-2024
https://doi.org/10.1109/JIOT.2024.3349381
Brighente AConti MRenzone GPeruzzi GPozzebon A(2024)Security and Privacy of Smart Waste Management Systems: A Cyber–Physical System PerspectiveIEEE Internet of Things Journal10.1109/JIOT.2023.332253211:5(7309-7324)Online publication date: 1-Mar-2024
https://doi.org/10.1109/JIOT.2023.3322532
Lin CKuo CYoung S(2024)Quantum Adversarial Learning for Hyperspectral Remote SensingIGARSS 2024 - 2024 IEEE International Geoscience and Remote Sensing Symposium10.1109/IGARSS53475.2024.10641438(7807-7811)Online publication date: 7-Jul-2024
https://doi.org/10.1109/IGARSS53475.2024.10641438
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Malware Detection in Adversarial Settings: Exploiting Feature Evolutions and Confusions in Android Apps

Ensembles in adversarial classification for spam

Optimal randomized classification in adversarial settings