Adversarial Label Flips Attack on Support Vector Machines

被引：141

作者：

Xiao, Han ^{[1
]}

Xiao, Huang ^{[1
]}

Eckert, Claudia ^{[1
]}

机构：

[1] Tech Univ Munich, Inst Informat, D-80290 Munich, Germany

来源：

20TH EUROPEAN CONFERENCE ON ARTIFICIAL INTELLIGENCE (ECAI 2012) | 2012年 / 242卷

关键词：

D O I：

10.3233/978-1-61499-098-7-870

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

To develop a robust classification algorithm in the adversarial setting, it is important to understand the adversary's strategy. We address the problem of label flips attack where an adversary contaminates the training set through flipping labels. By analyzing the objective of the adversary, we formulate an optimization framework for finding the label flips that maximize the classification error. An algorithm for attacking support vector machines is derived. Experiments demonstrate that the accuracy of classifiers is significantly degraded under the attack.

引用

页码：870 / 875

页数：6

共 14 条

[1]

[Anonymous], 2006, P 23 INT C MACHINE, DOI DOI 10.1145/1143844.1143889

[2]

[Anonymous], 2006, BOOK REV IEEE T NEUR

[3] The security of machine learning [J].

Barreno, Marco ;

Nelson, Blaine ;

Joseph, Anthony D. ;

Tygar, J. D. .

MACHINE LEARNING, 2010, 81 (02) :121-148

[4]

Biggio B., 2011, AS C MACH LEARN, P97

[5]

Dekel O., 2009, Proc. 26th Annu. Int. Conf. Mach. Learn, P233

[6]

Dekel O., 2008, P INT C MACHINE LEAR, P216, DOI DOI 10.1145/1390156.1390184

[7]

Han Xiao, 2012, Advances in Knowledge Discovery and Data Mining. Proceedings 16th Pacific-Asia Conference (PAKDD 2012), P207, DOI 10.1007/978-3-642-30217-6_18

[8]

Kearns M., 1988, Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, P267, DOI 10.1145/62212.62238

[9]

Klivans AR, 2009, J MACH LEARN RES, V10, P2715

[10]

Lowd D., 2005, Proceedings of the Second Conference on Email and Anti-Spam CEAS, P125

← 1 2 →