Multiple classifier systems for robust classifier design in adversarial environments
Abstract
Pattern recognition systems are increasingly used in adversarial environments such as network intrusion detection, spam filtering and biometric authentication systems, in which an adversary can adaptively manipulate data to make a classifier ineffective. Current theory and design methods for pattern recognition systems do not take the adversarial nature of these applications into account. Extending them to adversarial settings is therefore mandatory, in order to safeguard the security and reliability of pattern recognition systems in such environments. In this paper, we focus on a strategy recently proposed in the literature to improve the robustness of linear classifiers against adversarial data manipulation, and experimentally investigate whether it can be implemented using two well-known techniques for constructing multiple classifier systems, namely bagging and the random subspace method. Our results provide some hints about the potential usefulness of classifier ensembles in adversarial classification tasks, which differ from the motivations suggested so far in the literature.
Keywords
#pattern recognition #adversarial #classifier #security #reliability