On Sparse Feature Attacks in Adversarial Learning

Fei Wang, Wei Liu, Sanjay Chawla

Research output: Chapter in Book/Report/Conference proceedingConference contribution

18 Citations (Scopus)

Abstract

Adversarial learning is the study of machine learning techniques deployed in non-benign environments. Example applications include classifications for detecting spam email, network intrusion detection and credit card scoring. In fact as the gamut of application domains of machine learning grows, the possibility and opportunity for adversarial behavior will only increase. Till now, the standard assumption about modeling adversarial behavior has been to empower an adversary to change all features of the classifier sat will. The adversary pays a cost proportional to the size of 'attack'. We refer to this form of adversarial behavior as a dense feature attack. However, the aim of an adversary is not just to subvert a classifier but carry out data transformation in a way such that spam continues to appear like spam to the user as much as possible. We demonstrate that an adversary achieves this objective by carrying out a sparse feature attack. We design an algorithm to show how a classifier should be designed to be robust against sparse adversarial attacks. Our main insight is that sparse feature attacks are best defended by designing classifiers which use l1 regularizers.

Original languageEnglish
Title of host publicationProceedings - 14th IEEE International Conference on Data Mining, ICDM 2014
EditorsRavi Kumar, Hannu Toivonen, Jian Pei, Joshua Zhexue Huang, Xindong Wu
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1013-1018
Number of pages6
EditionJanuary
ISBN (Electronic)9781479943029
DOIs
Publication statusPublished - 1 Jan 2014
Event14th IEEE International Conference on Data Mining, ICDM 2014 - Shenzhen, China
Duration: 14 Dec 201417 Dec 2014

Publication series

NameProceedings - IEEE International Conference on Data Mining, ICDM
NumberJanuary
Volume2015-January
ISSN (Print)1550-4786

Other

Other14th IEEE International Conference on Data Mining, ICDM 2014
CountryChina
CityShenzhen
Period14/12/1417/12/14

    Fingerprint

Keywords

  • Adversarial learning
  • Sparse modelling
  • l1 regularizer

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Wang, F., Liu, W., & Chawla, S. (2014). On Sparse Feature Attacks in Adversarial Learning. In R. Kumar, H. Toivonen, J. Pei, J. Zhexue Huang, & X. Wu (Eds.), Proceedings - 14th IEEE International Conference on Data Mining, ICDM 2014 (January ed., pp. 1013-1018). [7023439] (Proceedings - IEEE International Conference on Data Mining, ICDM; Vol. 2015-January, No. January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICDM.2014.117