Complex-based optimization strategy for evasion attack

2017 12th International Conference on Intelligent Systems and Knowledge Engineering (ISKE) Pub Date : 2017-11-01 DOI:10.1109/ISKE.2017.8258845

Shu Li, Yun Li

{"title":"Complex-based optimization strategy for evasion attack","authors":"Shu Li, Yun Li","doi":"10.1109/ISKE.2017.8258845","DOIUrl":null,"url":null,"abstract":"Machine learning has been widely used in security related applications, such as spam filter, network intrusion detection. In machine learning process, the test set and the training set usually have the same probability distribution and through the information of learning the training set, the malicious samples in the machine learning algorithm can usually be correctly classified. However, the classification algorithm has neglected the classification under adversarial environment, so instead they will modify the features of test data in order to spoof the classifier so as to escape its detection. In this paper, we will consider to modify the feature value of the test samples in accordance with attack algorithm proposed by Battista Biggio and further improve the algorithm. As each feature has a range of independent constraints, so the algorithm should be transformed into a constrained optimization problem. This is done in order to make the original sample modify the smaller distance so as to escape the detection of the classifier, while also improve the convergence rate during the generation of adversarial samples.","PeriodicalId":208009,"journal":{"name":"2017 12th International Conference on Intelligent Systems and Knowledge Engineering (ISKE)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 12th International Conference on Intelligent Systems and Knowledge Engineering (ISKE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISKE.2017.8258845","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Machine learning has been widely used in security related applications, such as spam filter, network intrusion detection. In machine learning process, the test set and the training set usually have the same probability distribution and through the information of learning the training set, the malicious samples in the machine learning algorithm can usually be correctly classified. However, the classification algorithm has neglected the classification under adversarial environment, so instead they will modify the features of test data in order to spoof the classifier so as to escape its detection. In this paper, we will consider to modify the feature value of the test samples in accordance with attack algorithm proposed by Battista Biggio and further improve the algorithm. As each feature has a range of independent constraints, so the algorithm should be transformed into a constrained optimization problem. This is done in order to make the original sample modify the smaller distance so as to escape the detection of the classifier, while also improve the convergence rate during the generation of adversarial samples.

查看原文本刊更多论文

基于复杂性的规避攻击优化策略

机器学习已广泛应用于安全相关的应用，如垃圾邮件过滤、网络入侵检测等。在机器学习过程中，测试集和训练集通常具有相同的概率分布，通过学习训练集的信息，通常可以对机器学习算法中的恶意样本进行正确的分类。然而，分类算法忽略了对抗性环境下的分类，而是通过修改测试数据的特征来欺骗分类器，从而逃避分类器的检测。在本文中，我们将考虑根据Battista Biggio提出的攻击算法修改测试样本的特征值，并进一步改进算法。由于每个特征都有一定范围的独立约束，因此该算法应转化为约束优化问题。这样做是为了使原始样本修改较小的距离，从而逃避分类器的检测，同时也提高了生成对抗样本时的收敛速度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 12th International Conference on Intelligent Systems and Knowledge Engineering (ISKE)

自引率

0.00%

发文量