Computer Science ›› 2018, Vol. 45 ›› Issue (1): 34-38, 46.doi: 10.11896/j.issn.1002-137X.2018.01.005

Previous Articles     Next Articles

Ensemble Method Against Evasion Attack with Different Strength of Attack

LIU Xiao-qin, WANG Jie-ting, QIAN Yu-hua and WANG Xiao-yue   

  • Online:2018-01-15 Published:2018-11-13

Abstract: Driven by the illegal purpose,attackers often exploit the vulnerability of the classifier to make the malicious samples free of detection in adversarial learning.At present,adversarial learning has been widely used in computer network intrusion detection,spam filtering,biometrics identification and other fields.Many researchers only apply the exi-sting ensemble methods in adversarial learning,and prove that multiple classi-fiers are more robust than single classi-fier.However,priori information about the attacker has a great influence on the robustness of the classifier in adversariallearning.Based on this situation,by simulating different strength of attack in learning process and increasing the weight of the misclassified sample,the robustness of the multiple classifiers can be improved with maintaining the accuracy.The experimental results show that the ensemble algorithm against evasion attack with different strength of attack is more robust than Bagging.Finally,the convergence of the algorithm and the influence of parameter on the algorithm were analyzed.

Key words: Adversarial learning,Evasion attacks,Multiple classifier systems,Robustness

[1] ZHANG F.Researches on defense strategy against evasion attacks[D].Guangzhou:South China University of Technology,2015.(in Chinese) 张非.对抗逃避攻击的防守策略研究[D].广州:华南理工大学,2015.
[2] ZHANG M F,LI Y C,LI W.Survey of application of bayesian cIassifying method to spam filtering[J].Application Research of Computers,2005,22(8):14-19.(in Chinese) 张铭锋,李云春,李巍.垃圾邮件过滤的贝叶斯方法综述[J].计算机应用研究,2005,22(8):14-19.
[3] DENG W.Adversarial classification for email spam filtering[D].Chengdu:University of Electronic Science and Technolgy of China,2011.(in Chinese) 邓蔚.垃圾邮件过滤中的敌手分类问题研究[D].成都:电子科技大学,2011.
[4] DENG W,QIN Z G,LIU Q,et al.Chinese spam filtering model for combating good word attacks[J].Journal of Electronic Measurement and Instrumentation,2011,24(12):1146-1152.(in Chinese) 邓蔚,秦志光,刘峤,等.抗好词攻击的中文垃圾邮件过滤模型[J].电子测量与仪器学报,2011,24(12):1146-1152.
[5] CRETU G F,STAVROU A,LOCASTO M E,et al.Casting out demons:sanitizing training data for anomaly sensors[C]∥IEEE Symposium on Security & Privacy.IEEE,2008:81-95.
[6] NELSON B,RUBINSTEIN B I P,HUANG L,et al.Near-optimal evasion of convex-Inducing classifiers[C]∥13th International Conference on Artificial Intelligence and Statistics.2010:549-556.
[7] NELSON B,RUBINSTEIN B I P,HUANG L,et al.Querystrategies for evading convex-inducing classifiers[J].Journal of Machine Learning Research,2012,13(5):1293-1332.
[8] BIGGIO B,CORONA I,MAIORCA D,et al.Evasion attacksagainst machine learning at test time[M]∥Machine Learning and Knowledge Discovery in Databases.Springer Berlin Heidelberg,2013:387-402.
[9] ZHANG F,CHAN P P K,BIGGIO B,et al.Adversarial feature selection against evasion attacks[J].IEEE Transactions on Cybernetics,2016,46(3):766-777.
[10] O’ULLIVAN J,LANGFORD J,CARUANA R,et al.Featureboost:a meta learning algorithm that improves model robustness[C]∥Proceedings of the 7th International Conference on Machine Learing.2000:703-710 .
[11] BIGGIO B,FUMERA G,ROLI F.Multiple classifier systems for robust classifier design in adversarial environments[J].International Journal of Machine Learning and Cybernetics,2010,1(1-4):27-41.
[12] BIGGIO B,FUMERA G,ROLI F.Adversarial pattern classification using multiple classifiers and randomisation[C]∥Joint IAPR International Workshops on Statistical Techniques in Pattern Recognition (SPR) and Structural and Syntactic Pattern Recognition.2008:500-509.
[13] BARRENO M,NELSON B,SEARS R,et al.Can machine lear-ning be secure?[C]∥Proceedings of the 2006 ACM Sympo-sium on Information,Computer and Communications Security.ACM,2006:16-25.
[14] HUANG L,JOSEPH A D,NELSON B,et al.Adversarial machine learning[C]∥Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence.2011:43-58.
[15] BIGGIO B,FUMERA G,ROLI F.Multiple classifier systems for adversarial classification tasks[C]∥International Workshop on Multiple Classifier Systems.Springer Berlin Heidelberg,2009:132-141.
[16] ZHANG F,HUANG W J,CHAN P P K.Hardness of evasion of multiple classifier system with non-linear classifiers [C]∥2014 International Conference on Wavelet Analysis and Pattern Re-cognition.2014:56-60.
[17] QIAN Y H,LI F J,LIANG J Y,et al.Space structure and clustering of categorical data[J].IEEE Transactions on Neural Networks & Learning Systems,2016,27(10):2047-2059.
[18] QUINLAN J R.Bagging,boosting,and C4.5[C]∥Proceedings of the Thirteenth National Conference on Artificial Intelligence.1996:725-730.
[19] QIAN Y H,XU H,LIANG J Y,et al.Fusing monotonic decision trees[J].IEEE Transactions on Knowledge and Data Enginee-ring,2015,27(10):2717-2728.
[20] BIGGIO B,CORONA I,HE Z M,et al.One-and-a-half-classmultiple classifier systems for secure learning against evasion attacks at test time[C]∥International Workshop on Multiple Classifier Systems.Springer International Publishing,2015:168-180.
[21] UCI Machine Learning Repository.

No related articles found!
Full text



[1] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75, 88 .
[2] XIA Qing-xun and ZHUANG Yi. Remote Attestation Mechanism Based on Locality Principle[J]. Computer Science, 2018, 45(4): 148 -151, 162 .
[3] LI Bai-shen, LI Ling-zhi, SUN Yong and ZHU Yan-qin. Intranet Defense Algorithm Based on Pseudo Boosting Decision Tree[J]. Computer Science, 2018, 45(4): 157 -162 .
[4] WANG Huan, ZHANG Yun-feng and ZHANG Yan. Rapid Decision Method for Repairing Sequence Based on CFDs[J]. Computer Science, 2018, 45(3): 311 -316 .
[5] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[6] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[7] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[8] LIU Qin. Study on Data Quality Based on Constraint in Computer Forensics[J]. Computer Science, 2018, 45(4): 169 -172 .
[9] ZHONG Fei and YANG Bin. License Plate Detection Based on Principal Component Analysis Network[J]. Computer Science, 2018, 45(3): 268 -273 .
[10] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99, 116 .