2012 AdversarialSupportVectorMachine

• (Zhou et al., 2012) ⇒ Yan Zhou, Murat Kantarcioglu, Bhavani Thuraisingham, and Bowei Xi. (2012). “Adversarial Support Vector Machine Learning.” In: Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-2012). ISBN:978-1-4503-1462-6 doi:10.1145/2339530.2339697

Subject Headings:

Notes

Cited By

• http://scholar.google.com/scholar?q=%222012%22+Adversarial+Support+Vector+Machine+Learning
• http://dl.acm.org/citation.cfm?id=2339530.2339697&preflayout=flat#citedby

Quotes

Author Keywords

• Adversarial learning; attack models; learning; models; robust svm

Abstract

Many learning tasks such as spam filtering and credit card fraud detection face an active adversary that tries to avoid detection. For learning problems that deal with an active adversary, it is important to model the adversary's attack strategy and develop robust learning models to mitigate the attack. These are the two objectives of this paper. We consider two attack models: a free-range attack model that permits arbitrary data corruption and a restrained attack model that anticipates more realistic attacks that a reasonable adversary would devise under penalties. We then develop optimal SVM learning strategies against the two attack models. The learning algorithms minimize the hinge loss while assuming the adversary is modifying data to maximize the loss. Experiments are performed on both artificial and real data sets. We demonstrate that optimal solutions may be overly pessimistic when the actual attacks are much weaker than expected. More important, we demonstrate that it is possible to develop a much more resilient SVM learning model while making loose assumptions on the data corruption models. When derived under the restrained attack model, our optimal SVM learning strategy provides more robust overall performance under a wide range of attack parameters.

References

;