Near-Optimal Evasion of Convex-Inducing Classifiers

Blaine Nelson; Benjamin Rubinstein; Ling Huang; Anthony Joseph; Shing–hon Lau; Steven Lee; Satish Rao; Anthony Tran; Doug Tygar

Near-Optimal Evasion of Convex-Inducing Classifiers

Blaine Nelson, Benjamin Rubinstein, Ling Huang, Anthony Joseph, Shing–hon Lau, Steven Lee, Satish Rao, Anthony Tran, Doug Tygar

Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics, PMLR 9:549-556, 2010.

Abstract

Classifiers are often used to detect miscreant activities. We study how an adversary can efficiently query a classifier to elicit information that allows the adversary to evade detection at near-minimal cost. We generalize results of Lowd and Meek (2005) to convex-inducing classifiers. We present algorithms that construct undetected instances of near-minimal cost using only polynomially many queries in the dimension of the space and without reverse engineering the decision boundary.

Cite this Paper

BibTeX


@InProceedings{pmlr-v9-nelson10a,
  title = 	 {Near-Optimal Evasion of Convex-Inducing Classifiers},
  author = 	 {Nelson, Blaine and Rubinstein, Benjamin and Huang, Ling and Joseph, Anthony and Lau, Shing–hon and Lee, Steven and Rao, Satish and Tran, Anthony and Tygar, Doug},
  booktitle = 	 {Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics},
  pages = 	 {549--556},
  year = 	 {2010},
  editor = 	 {Teh, Yee Whye and Titterington, Mike},
  volume = 	 {9},
  series = 	 {Proceedings of Machine Learning Research},
  address = 	 {Chia Laguna Resort, Sardinia, Italy},
  month = 	 {13--15 May},
  publisher =    {PMLR},
  pdf = 	 {http://proceedings.mlr.press/v9/nelson10a/nelson10a.pdf},
  url = 	 {https://proceedings.mlr.press/v9/nelson10a.html},
  abstract = 	 {Classifiers are often used to detect miscreant activities. We study how an adversary can efficiently query a classifier to elicit information that allows the adversary to evade detection at near-minimal cost. We generalize results of Lowd and Meek (2005) to convex-inducing classifiers. We present algorithms that construct undetected instances of near-minimal cost using only polynomially many queries in the dimension of the space and without reverse engineering the decision boundary.}
}

Endnote

%0 Conference Paper
%T Near-Optimal Evasion of Convex-Inducing Classifiers
%A Blaine Nelson
%A Benjamin Rubinstein
%A Ling Huang
%A Anthony Joseph
%A Shing–hon Lau
%A Steven Lee
%A Satish Rao
%A Anthony Tran
%A Doug Tygar
%B Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics
%C Proceedings of Machine Learning Research
%D 2010
%E Yee Whye Teh
%E Mike Titterington	
%F pmlr-v9-nelson10a
%I PMLR
%P 549--556
%U https://proceedings.mlr.press/v9/nelson10a.html
%V 9
%X Classifiers are often used to detect miscreant activities. We study how an adversary can efficiently query a classifier to elicit information that allows the adversary to evade detection at near-minimal cost. We generalize results of Lowd and Meek (2005) to convex-inducing classifiers. We present algorithms that construct undetected instances of near-minimal cost using only polynomially many queries in the dimension of the space and without reverse engineering the decision boundary.

RIS


TY  - CPAPER
TI  - Near-Optimal Evasion of Convex-Inducing Classifiers
AU  - Blaine Nelson
AU  - Benjamin Rubinstein
AU  - Ling Huang
AU  - Anthony Joseph
AU  - Shing–hon Lau
AU  - Steven Lee
AU  - Satish Rao
AU  - Anthony Tran
AU  - Doug Tygar
BT  - Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics
DA  - 2010/03/31
ED  - Yee Whye Teh
ED  - Mike Titterington	
ID  - pmlr-v9-nelson10a
PB  - PMLR
DP  - Proceedings of Machine Learning Research
VL  - 9
SP  - 549
EP  - 556
L1  - http://proceedings.mlr.press/v9/nelson10a/nelson10a.pdf
UR  - https://proceedings.mlr.press/v9/nelson10a.html
AB  - Classifiers are often used to detect miscreant activities. We study how an adversary can efficiently query a classifier to elicit information that allows the adversary to evade detection at near-minimal cost. We generalize results of Lowd and Meek (2005) to convex-inducing classifiers. We present algorithms that construct undetected instances of near-minimal cost using only polynomially many queries in the dimension of the space and without reverse engineering the decision boundary.
ER  -

APA


Nelson, B., Rubinstein, B., Huang, L., Joseph, A., Lau, S., Lee, S., Rao, S., Tran, A. & Tygar, D.. (2010). Near-Optimal Evasion of Convex-Inducing Classifiers. Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics, in Proceedings of Machine Learning Research 9:549-556 Available from https://proceedings.mlr.press/v9/nelson10a.html.

Related Material

Download PDF