Mining adversarial patterns via regularized loss minimization

Wei Liu, Sanjay Chawla

Research output: Contribution to journal › Article

26 Citations (Scopus)

Abstract

Traditional classification methods assume that the training and the test data arise from the same underlying distribution. However, in several adversarial settings, the test set is deliberately constructed in order to increase the error rates of the classifier. A prominent example is spam email where words are transformed to get around word based features embedded in a spam filter. In this paper we model the interaction between a data miner and an adversary as a Stackelberg game with convex loss functions. We solve for the Nash equilibrium which is a pair of strategies (classifier weights, data transformations) from which there is no incentive for either the data miner or the adversary to deviate. Experiments on synthetic and real data demonstrate that the Nash equilibrium solution leads to solutions which are more robust to subsequent manipulation of data and also provide interesting insights about both the data miner and the adversary.
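The game-theoretic setup described in the abstract can be illustrated with a small best-response sketch. This is not the paper's algorithm: the 1-D data, the quadratic transformation cost, the grid search (standing in for the convex optimization the authors use), and all names and constants below are hypothetical. A fixed point of the alternating best responses approximates the Nash equilibrium pair (classifier weight, data transformation) from which neither player gains by deviating.

```python
import math

def logistic_loss(w, xs, ys, lam=0.1):
    # Regularized empirical logistic loss: mean log(1 + exp(-y*w*x)) + lam*w^2.
    n = len(xs)
    return sum(math.log(1 + math.exp(-y * w * x)) for x, y in zip(xs, ys)) / n + lam * w * w

def learner_best_response(xs, ys, wgrid):
    # The data miner picks the weight minimizing the regularized loss.
    return min(wgrid, key=lambda w: logistic_loss(w, xs, ys))

def adversary_best_response(w, spam, dgrid, cost=1.0):
    # The adversary shifts spam points by delta to raise the learner's loss
    # on them, paying a quadratic price for transforming the data.
    def payoff(d):
        gain = sum(math.log(1 + math.exp(-w * (x + d))) for x in spam) / len(spam)
        return gain - cost * d * d
    return max(dgrid, key=payoff)

def best_response_dynamics(ham, spam, iters=50):
    # Alternate best responses; a fixed point is a Nash equilibrium of the
    # discretized game: neither player benefits from deviating unilaterally.
    wgrid = [i / 50 for i in range(-150, 151)]   # weights in [-3, 3]
    dgrid = [i / 50 for i in range(-100, 101)]   # shifts in [-2, 2]
    w, delta = 0.0, 0.0
    for _ in range(iters):
        shifted = [x + delta for x in spam]
        xs = ham + shifted
        ys = [-1] * len(ham) + [+1] * len(spam)
        w_new = learner_best_response(xs, ys, wgrid)
        d_new = adversary_best_response(w_new, spam, dgrid)
        if (w_new, d_new) == (w, delta):
            break
        w, delta = w_new, d_new
    return w, delta

# Toy 1-D data: ham near -1 (label -1), spam near +1 (label +1).
ham = [-1.5, -1.0, -0.8]
spam = [0.8, 1.0, 1.5]
w_eq, d_eq = best_response_dynamics(ham, spam)
```

At the fixed point the learner keeps a positive weight while the adversary shifts spam a limited distance toward the ham class (negative delta), its movement bounded by the transformation cost — a toy version of the robustness trade-off the abstract describes.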

Original language: English
Pages (from-to): 69-83
Number of pages: 15
Journal: Machine Learning
Volume: 81
Issue number: 1
DOIs: 10.1007/s10994-010-5199-2
Publication status: Published - Oct 2010
Externally published: Yes

Keywords

  • Loss minimization
  • Nash equilibrium
  • Stackelberg game

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software

Cite this

Mining adversarial patterns via regularized loss minimization. / Liu, Wei; Chawla, Sanjay.

In: Machine Learning, Vol. 81, No. 1, 10.2010, p. 69-83.

Research output: Contribution to journal › Article

@article{3c70d8d3e5744cd5b502ce861ebb2e05,
title = "Mining adversarial patterns via regularized loss minimization",
abstract = "Traditional classification methods assume that the training and the test data arise from the same underlying distribution. However, in several adversarial settings, the test set is deliberately constructed in order to increase the error rates of the classifier. A prominent example is spam email where words are transformed to get around word based features embedded in a spam filter. In this paper we model the interaction between a data miner and an adversary as a Stackelberg game with convex loss functions. We solve for the Nash equilibrium which is a pair of strategies (classifier weights, data transformations) from which there is no incentive for either the data miner or the adversary to deviate. Experiments on synthetic and real data demonstrate that the Nash equilibrium solution leads to solutions which are more robust to subsequent manipulation of data and also provide interesting insights about both the data miner and the adversary.",
keywords = "Loss minimization, Nash equilibrium, Stackelberg game",
author = "Wei Liu and Sanjay Chawla",
year = "2010",
month = "10",
doi = "10.1007/s10994-010-5199-2",
language = "English",
volume = "81",
pages = "69--83",
journal = "Machine Learning",
issn = "0885-6125",
publisher = "Springer Netherlands",
number = "1",
}

TY - JOUR

T1 - Mining adversarial patterns via regularized loss minimization

AU - Liu, Wei

AU - Chawla, Sanjay

PY - 2010/10

Y1 - 2010/10

N2 - Traditional classification methods assume that the training and the test data arise from the same underlying distribution. However, in several adversarial settings, the test set is deliberately constructed in order to increase the error rates of the classifier. A prominent example is spam email where words are transformed to get around word based features embedded in a spam filter. In this paper we model the interaction between a data miner and an adversary as a Stackelberg game with convex loss functions. We solve for the Nash equilibrium which is a pair of strategies (classifier weights, data transformations) from which there is no incentive for either the data miner or the adversary to deviate. Experiments on synthetic and real data demonstrate that the Nash equilibrium solution leads to solutions which are more robust to subsequent manipulation of data and also provide interesting insights about both the data miner and the adversary.

AB - Traditional classification methods assume that the training and the test data arise from the same underlying distribution. However, in several adversarial settings, the test set is deliberately constructed in order to increase the error rates of the classifier. A prominent example is spam email where words are transformed to get around word based features embedded in a spam filter. In this paper we model the interaction between a data miner and an adversary as a Stackelberg game with convex loss functions. We solve for the Nash equilibrium which is a pair of strategies (classifier weights, data transformations) from which there is no incentive for either the data miner or the adversary to deviate. Experiments on synthetic and real data demonstrate that the Nash equilibrium solution leads to solutions which are more robust to subsequent manipulation of data and also provide interesting insights about both the data miner and the adversary.

KW - Loss minimization

KW - Nash equilibrium

KW - Stackelberg game

UR - http://www.scopus.com/inward/record.url?scp=77955660961&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77955660961&partnerID=8YFLogxK

U2 - 10.1007/s10994-010-5199-2

DO - 10.1007/s10994-010-5199-2

M3 - Article

AN - SCOPUS:77955660961

VL - 81

SP - 69

EP - 83

JO - Machine Learning

JF - Machine Learning

SN - 0885-6125

IS - 1

ER -