A game theoretical model for adversarial learning

Wei Liu, Sanjay Chawla

Research output: Chapter in Book/Report/Conference proceedingConference contribution

34 Citations (Scopus)

Abstract

It is now widely accepted that in many situations where classifiers are deployed, adversaries deliberately manipulate data in order to reduce the classifier's accuracy. The most prominent example is email spam, where spammers routinely modify emails to get past classifier-based spam filters. In this paper we model the interaction between the adversary and the data miner as a two-person sequential noncooperative Stackelberg game and analyze the outcomes when there is a natural leader and a follower. We then proceed to model the interaction (both discrete and continuous) as an optimization problem and note that even solving linear Stackelberg game is NP-Hard. Finally we use a real spam email data set and evaluate the performance of local search algorithm under different strategy spaces.

Original languageEnglish
Title of host publicationICDM Workshops 2009 - IEEE International Conference on Data Mining
Pages25-30
Number of pages6
DOIs
Publication statusPublished - 2009
Externally publishedYes
Event2009 IEEE International Conference on Data Mining Workshops, ICDMW 2009 - Miami, FL
Duration: 6 Dec 20096 Dec 2009

Other

Other2009 IEEE International Conference on Data Mining Workshops, ICDMW 2009
CityMiami, FL
Period6/12/096/12/09

    Fingerprint

Keywords

  • Adversarial attacks
  • Genetic algorithms
  • Stackelberg game

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Vision and Pattern Recognition
  • Software

Cite this

Liu, W., & Chawla, S. (2009). A game theoretical model for adversarial learning. In ICDM Workshops 2009 - IEEE International Conference on Data Mining (pp. 25-30). [5360532] https://doi.org/10.1109/ICDMW.2009.9