Approaches to adversarial drift

Alex Kantchelian, Sadia Afroz, Ling Huang, Aylin Caliskan Islam, Brad Miller, Michael Carl Tschantz, Rachel Greenstadt, Anthony D. Joseph, J. D. Tygar

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    In this position paper, we argue that to be of practical interest, a machine-learning based security system must engage with the human operators beyond feature engineering and instance labeling to address the challenge of drift in adversarial environments. We propose that designers of such systems broaden the classification goal into an explanatory goal, which would deepen the interaction with the system's operators. To provide guidance, we advocate for an approach based on maintaining one classifier for each class of unwanted activity to be filtered. We also emphasize the necessity for the system to be responsive to the operators' constant curation of the training set. We show how this paradigm provides a property we call isolation and how it relates to classical causative attacks. In order to demonstrate the effects of drift on a binary classification task, we also report on two experiments using a previously unpublished malware data set where each instance is timestamped according to when it was seen.

    Original language: English (US)
    Title of host publication: AISec 2013 - Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, Co-located with CCS 2013
    Pages: 99-109
    Number of pages: 11
    DOIs
    State: Published - 2013
    Event: 2013 6th Annual ACM Workshop on Artificial Intelligence and Security, AISec 2013, Co-located with the 20th ACM Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
    Duration: Nov 4 2013 - Nov 4 2013

    Publication series

    Name: Proceedings of the ACM Conference on Computer and Communications Security
    ISSN (Print): 1543-7221

    Conference

    Conference: 2013 6th Annual ACM Workshop on Artificial Intelligence and Security, AISec 2013, Co-located with the 20th ACM Conference on Computer and Communications Security, CCS 2013
    Country/Territory: Germany
    City: Berlin
    Period: 11/4/13 - 11/4/13

    Keywords

    • adversarial machine learning
    • concept drift
    • malware classification

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications
