Approaches to adversarial drift

Proceedings of the 2013 ACM workshop on Artificial intelligence and security Pub Date : 2013-11-04 DOI:10.1145/2517312.2517320

Alex Kantchelian, Sadia Afroz, Ling Huang, Aylin Caliskan, Brad Miller, Michael Carl Tschantz, R. Greenstadt, A. Joseph, J. D. Tygar

{"title":"Approaches to adversarial drift","authors":"Alex Kantchelian, Sadia Afroz, Ling Huang, Aylin Caliskan, Brad Miller, Michael Carl Tschantz, R. Greenstadt, A. Joseph, J. D. Tygar","doi":"10.1145/2517312.2517320","DOIUrl":null,"url":null,"abstract":"In this position paper, we argue that to be of practical interest, a machine-learning based security system must engage with the human operators beyond feature engineering and instance labeling to address the challenge of drift in adversarial environments. We propose that designers of such systems broaden the classification goal into an explanatory goal, which would deepen the interaction with system's operators. To provide guidance, we advocate for an approach based on maintaining one classifier for each class of unwanted activity to be filtered. We also emphasize the necessity for the system to be responsive to the operators constant curation of the training set. We show how this paradigm provides a property we call isolation and how it relates to classical causative attacks. In order to demonstrate the effects of drift on a binary classification task, we also report on two experiments using a previously unpublished malware data set where each instance is timestamped according to when it was seen.","PeriodicalId":422398,"journal":{"name":"Proceedings of the 2013 ACM workshop on Artificial intelligence and security","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"74","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2013 ACM workshop on Artificial intelligence and security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2517312.2517320","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 74

Abstract

In this position paper, we argue that to be of practical interest, a machine-learning based security system must engage with the human operators beyond feature engineering and instance labeling to address the challenge of drift in adversarial environments. We propose that designers of such systems broaden the classification goal into an explanatory goal, which would deepen the interaction with system's operators. To provide guidance, we advocate for an approach based on maintaining one classifier for each class of unwanted activity to be filtered. We also emphasize the necessity for the system to be responsive to the operators constant curation of the training set. We show how this paradigm provides a property we call isolation and how it relates to classical causative attacks. In order to demonstrate the effects of drift on a binary classification task, we also report on two experiments using a previously unpublished malware data set where each instance is timestamped according to when it was seen.

查看原文本刊更多论文

对抗漂移的方法

在这篇立场论文中，我们认为，为了实现实际利益，基于机器学习的安全系统必须与人类操作员合作，而不仅仅是特征工程和实例标记，以解决对抗环境中漂移的挑战。我们建议此类系统的设计者将分类目标扩展为解释目标，这将加深与系统操作员的互动。为了提供指导，我们提倡一种基于为要过滤的每一类不需要的活动维护一个分类器的方法。我们还强调了系统响应操作员不断管理训练集的必要性。我们展示了这种范式如何提供了一种我们称之为隔离的属性，以及它与经典因果攻击的关系。为了演示漂移对二进制分类任务的影响，我们还报告了两个实验，使用以前未发布的恶意软件数据集，其中每个实例都根据其出现时间打上时间戳。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2013 ACM workshop on Artificial intelligence and security

自引率

0.00%

发文量