Book Chapter

Classifier evasion: Models and open problems

B Nelson, BIP Rubinstein, L Huang, AD Joseph, JD Tygar

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Published: 2011

Abstract

As a growing number of software developers apply machine learning to make key decisions in their systems, adversaries are adapting and launching ever more sophisticated attacks against these systems. The near-optimal evasion problem considers an adversary that searches for a low-cost negative instance by submitting a minimal number of queries to a classifier, in order to effectively evade the classifier. In this position paper, we posit several open problems and alternative variants to the near-optimal evasion problem. Solutions to these problems would significantly advance the state-of-the-art in secure machine learning. © 2011 Springer-Verlag Berlin Heidelberg.
