Robust adversarial learning and invariant measures

S. Neville, M. Elgamal, Zahra Nikdel
2015 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM), published 2015-11-30. DOI: 10.1109/PACRIM.2015.7334893 (https://doi.org/10.1109/PACRIM.2015.7334893)

Abstract

A number of open cyber-security challenges are arising due to the rapidly evolving scale, complexity, and heterogeneity of modern IT systems and networks. The ease with which copious volumes of operational data can be collected from such systems has produced a strong interest in the use of machine learning (ML) for cyber-security, provided that ML can itself be made sufficiently immune to attack. Adversarial learning (AL) is the domain focusing on such issues, and an arising AL theme is the need to ensure that ML solutions make use of robust input measurement features (i.e., the data sets used for ML training must themselves be robust against adversarial influences). This observation leads to further open questions, including: “What formally denotes sufficient robustness?”, “Must robust features necessarily exist for all IT systems?”, “Do robust features necessarily provide complete coverage of the attack space?”, etc. This work shows that these (and other) open AL questions can be usefully re-cast in terms of the classical dynamical systems problem of needing to focus analyses on a system's invariant measures. This re-casting is useful because a large body of mature dynamical systems theory exists concerning invariant measures, which can then be applied to cyber-security. To our knowledge this is the first work to identify and highlight this potentially useful cross-domain linkage.