A dynamic‐adversarial mining approach to the security of machine learning

Sethi, Tegjyot Singh; Kantardzic, Mehmed; Lyu, Lingyu; Chen, Jiashun

doi:10.1002/widm.1245

Cited by 8 publications

(10 citation statements)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, a new type of credit card fraud can appear that tries to circumvent existing fraud detection set in place. These changes in data streams, named concept drift (Pinage, dos Santos, & da Gama, 2016;Sethi, Kantardzic, Lyu, & Chen, 2018), often affect the underlying data distribution and reduce the performance of existing classifiers.…”

Section: Introductionmentioning

confidence: 99%

No Free Lunch Theorem for concept drift detection in streaming data classification: A review

Kantardzic

Sethi

2019

WIREs Data Min & Knowl

Self Cite

View full text Add to dashboard Cite

Many real‐world data mining applications have to deal with unlabeled streaming data. They are unlabeled because the sheer volume of the stream makes it impractical to label a significant portion of the data. The data streams can evolve over time and these changes are called concept drifts. Concept drifts have different characteristics, which can be used to categorize them into different types. A trade‐off between performance and cost exists among many concept drift detection approaches. On the one hand, high accuracy detection approach usually requires labeled data, possibly involving high cost for labeling. On the other hand, a variety of methods have been devoted to the topic of concept drift detection with unlabeled data, but these approaches often are most suited for only a subset of the concept drift types. The objective of this survey is to present these methods, categorize them and give recommendations of usage based on their behaviors under different types of concept drift. This article is categorized under: Fundamental Concepts of Data and Knowledge > Data Concepts Fundamental Concepts of Data and Knowledge > Key Design Issues in Data Mining Explainable AI > Classification

show abstract

Section: Introductionmentioning

confidence: 99%

No Free Lunch Theorem for concept drift detection in streaming data classification: A review

Kantardzic

Sethi

2019

WIREs Data Min & Knowl

Self Cite

View full text Add to dashboard Cite

show abstract

“…[36] suggested that even if an adversary knows the importance of features used by the deployed model, he or she will not be able to evade detection without knowing the ML algorithm used. However, this cannot stop determined adversaries from trying every way possible to accomplish their goals [23]. Furthermore, as stated in Ref.…”

Section: Adversarial Attacks Against Twitter Spam Detectorsmentioning

confidence: 98%

“…Consequently, considering the robustness of selected features and applying the disinformation method when designing a spam detector could help reduce the effect of adversaries' activities. However, this cannot stop determined adversaries from trying every way possible to accomplish their goals [23]. Furthermore, as stated in Ref.…”

Section: Defenses Against Exploratory Attacksmentioning

confidence: 98%

A Survey of Attacks Against Twitter Spam Detectors in an Adversarial Environment

Imam

2019

Robotics

View full text Add to dashboard Cite

Online Social Networks (OSNs), such as Facebook and Twitter, have become a very important part of many people’s daily lives. Unfortunately, the high popularity of these platforms makes them very attractive to spammers. Machine learning (ML) techniques have been widely used as a tool to address many cybersecurity application problems (such as spam and malware detection). However, most of the proposed approaches do not consider the presence of adversaries that target the defense mechanism itself. Adversaries can launch sophisticated attacks to undermine deployed spam detectors either during training or the prediction (test) phase. Not considering these adversarial activities at the design stage makes OSNs’ spam detectors vulnerable to a range of adversarial attacks. Thus, this paper surveys the attacks against Twitter spam detectors in an adversarial environment, and a general taxonomy of potential adversarial attacks is presented using common frameworks from the literature. Examples of adversarial activities on Twitter that were discovered after observing Arabic trending hashtags are discussed in detail. A new type of spam tweet (adversarial spam tweet), which can be used to undermine a deployed classifier, is examined. In addition, possible countermeasures that could increase the robustness of Twitter spam detectors to such attacks are investigated.

show abstract

“…However, this cannot stop determined adversaries from trying every way possible to accomplish their goals [46]. Furthermore, as stated in [2], relying on obscurity in an adversarial environment is not a good security practice, as one should always overestimate rather than underestimate the adversary's capabilities.…”

Section: Defenses Against Exploratory Attacksmentioning

confidence: 99%

“…The traditional assumption of stationarity of data distribution in ML is that the dataset used for training a classifier (such as SVM or RF) and the testing data (the future data that will be classified) have a similar underlying distribution. This assumption is violated in the adversarial environment, as adversaries are able to manipulate data either during training or before testing [46,2].…”

Section: Introductionmentioning

confidence: 99%

A Survey of Attacks Against Twitter Spam Detectors in an Adversarial Environment

Imam¹

2019

Preprint

View full text Add to dashboard Cite

Online Social Networks (OSNs), such as Facebook and Twitter, have become a very important part of many people’s daily lives. Unfortunately, the high popularity of these platforms makes them very attractive to spammers. Machine-learning (ML) techniques have been widely used as a tool to address many cybersecurity application problems (such as spam and malware detection). However, most of the proposed approaches do not consider the presence of adversaries that target the defense mechanism itself. Adversaries can launch sophisticated attacks to undermine deployed spam detectors either during training or the prediction (test) phase. Not considering these adversarial activities at the design stage makes OSNs’ spam detectors prone to a range of adversarial attacks. This paper thus surveys the attacks against Twitter spam detectors in an adversarial environment. In addition, a general taxonomy of potential adversarial attacks is proposed by applying common frameworks from the literature. Examples of adversarial activities on Twitter were provided after observing Arabic trending hashtags. A new type of spam tweet (Adversarial spam tweet), which can be used to undermine deployed classifier, were found. In addition, possible countermeasures that could increase the robustness of Twitter spam detectors against such attacks are investigated.

show abstract

A dynamic‐adversarial mining approach to the security of machine learning

Cited by 8 publications

References 59 publications

No Free Lunch Theorem for concept drift detection in streaming data classification: A review

No Free Lunch Theorem for concept drift detection in streaming data classification: A review

A Survey of Attacks Against Twitter Spam Detectors in an Adversarial Environment

A Survey of Attacks Against Twitter Spam Detectors in an Adversarial Environment

Contact Info

Product

Resources

About