Adversarial classification: An adversarial risk analysis approach

Naveiro, Roi; Redondo, Alberto; Insua, David Rı́os; Ruggeri, Fabrizio

doi:10.1016/j.ijar.2019.07.003

Cited by 37 publications

(28 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Interestingly, in the case of the naïve Bayes classifier, our ARA approach outperforms the classifier under raw untainted data (Table 1). This effect has been already observed by Naveiro et al [2019] and for other algorithms and application areas. A possible explanation is that taking into account the presence of an adversary has a regularizing effect, being able to improve the original accuracy of the base algorithm and making it more robust.…”

Section: Ara Defense In Spam Detection Problemssupporting

confidence: 70%

“…After reviewing key developments in game-theoretic approaches to AC in Sections 2 and 3, in Sections 4 and 5 we cover novel techniques based on Adversarial Risk Analysis (ARA) [Rios Insua et al 2009], which do not assume standard common knowledge hypothesis. In thi, we unify, expand and improve upon earlier work in Naveiro et al [2019] and Gallego et al [2020]. Our focus will be on binary classification problems in face only of exploratory attacks, defined to have influence over operational data but not over training ones.…”

Section: Introductionmentioning

confidence: 97%

See 1 more Smart Citation

Perspectives on Adversarial Classification

Insua¹,

Naveiro²,

Gallego³

2020

Preprint

Self Cite

View full text Add to dashboard Cite

Adversarial Classification (AC) is a major subfield within the increasingly important domain of adversarial machine learning (AML). Most approaches to AC so far have followed a classical game-theoretic framework. This requires unrealistic common knowledge conditions untenable in the security settings typical of the AML realm. After reviewing such approaches, we present alternative perspectives on AC based on Adversarial Risk Analysis.

show abstract

Section: Ara Defense In Spam Detection Problemssupporting

confidence: 70%

Section: Introductionmentioning

confidence: 97%

Perspectives on Adversarial Classification

Insua¹,

Naveiro²,

Gallego³

2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Interestingly, in the case of the naïve Bayes classifier, our ARA approach outperforms the classifier under raw untainted data ( Table 1). This effect has been observed also in [12,33] for other algorithms and application areas. This is likely due to the fact that the presence of an adversary has a regularizing effect, being able to improve the original accuracy of the base algorithm and making it more robust.…”

Section: Ara Defense In Spam Detection Problemssupporting

confidence: 69%

“…Their key advantage is that they do not assume strong common knowledge hypothesis concerning belief and preference sharing, as with standard game theoretic approaches to AML. In this, we unify, expand and improve upon earlier work in [12,13]. Our focus will be on binary classification problems in face only of exploratory attacks, defined to have influence over operational data but not over training ones.…”

Section: Introductionmentioning

confidence: 99%

Perspectives on Adversarial Classification

2020

Self Cite

View full text Add to dashboard Cite

Adversarial classification (AC) is a major subfield within the increasingly important domain of adversarial machine learning (AML). So far, most approaches to AC have followed a classical game-theoretic framework. This requires unrealistic common knowledge conditions untenable in the security settings typical of the AML realm. After reviewing such approaches, we present alternative perspectives on AC based on adversarial risk analysis.

show abstract

“…Another possible line of work would be to extend the framework to deal with Bayesian Stackelberg games, that are widely used to model situations in AML in which there is not common knowledge of the adversary's parameters. In this line, the ultimate goal would be to apply the proposed algorithms to solve Adversarial Risk Analyisis (ARA, [25]) problems in AML, [22].…”

Section: Discussionmentioning

confidence: 99%

Gradient Methods for Solving Stackelberg Games

Naveiro

Insua

2019

Algorithmic Decision Theory

Self Cite

View full text Add to dashboard Cite

Stackelberg Games are gaining importance in the last years due to the raise of Adversarial Machine Learning (AML). Within this context, a new paradigm must be faced: in classical game theory, intervening agents were humans whose decisions are generally discrete and low dimensional. In AML, decisions are made by algorithms and are usually continuous and high dimensional, e.g. choosing the weights of a neural network. As closed form solutions for Stackelberg games generally do not exist, it is mandatory to have efficient algorithms to search for numerical solutions. We study two different procedures for solving this type of games using gradient methods. We study time and space scalability of both approaches and discuss in which situation it is more appropriate to use each of them. Finally, we illustrate their use in an adversarial prediction problem.

show abstract

Adversarial classification: An adversarial risk analysis approach

Cited by 37 publications

References 31 publications

Perspectives on Adversarial Classification

Perspectives on Adversarial Classification

Perspectives on Adversarial Classification

Gradient Methods for Solving Stackelberg Games

Contact Info

Product

Resources

About