An adjustable combination of linear regression and modified probabilistic neural network for anti-spam filtering

Tran, Tich Phuoc; Tsai, Pohsiang; Jan, Tony

doi:10.1109/icpr.2008.4761358

Cited by 6 publications

(4 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A MCS architecture also allows to easily add new classifiers or detection modules to an existing system, which is a common practice in network intrusion detection and spam filtering tasks to counteract new kinds of attacks. Recently, it has also been argued that MCSs allow to improve classifier robustness in several adversarial classification tasks, based on the intuitive motivation that an adversary has to evade more than one classifier to make the whole ensemble ineffective [29,44,46,47,52]. However, this claim has not been supported by any clear theoretical or empirical evidence so far.…”

Section: Mcss In Adversarial Classification Tasksmentioning

confidence: 94%

“…During the past fifteen years MCSs became a state-of-the-art tool for the design of pattern classifiers, mainly because of their capability to improve accuracy with respect to an individual classifier. Some authors have recently argued that MCSs can also improve robustness in adversarial settings, since in principle more than one classifier has to be evaded to make the whole ensemble ineffective [29,44,46,52]. However, this claim has never been investigated in depth, and remains questionable.…”

mentioning

confidence: 97%

See 1 more Smart Citation

Multiple classifier systems for robust classifier design in adversarial environments

Biggio

Fumera

Roli

2010

Int. J. Mach. Learn. & Cyber.

183

161

View full text Add to dashboard Cite

Pattern recognition systems are increasingly being used in adversarial environments like network intrusion detection, spam filtering and biometric authentication and verification systems, in which an adversary may adaptively manipulate data to make a classifier ineffective. Current theory and design methods of pattern recognition systems do not take into account the adversarial nature of such kind of applications. Their extension to adversarial settings is thus mandatory, to safeguard the security and reliability of pattern recognition systems in adversarial environments. In this paper we focus on a strategy recently proposed in the literature to improve the robustness of linear classifiers to adversarial data manipulation, and experimentally investigate whether it can be implemented using two well known techniques for the construction of multiple classifier systems, namely, bagging and the random subspace method. Our results provide some hints on the potential usefulness of classifier ensembles in adversarial classification tasks, which is different from the motivations suggested so far in the literature.

show abstract

Section: Mcss In Adversarial Classification Tasksmentioning

confidence: 94%

mentioning

confidence: 97%

Multiple classifier systems for robust classifier design in adversarial environments

Biggio

Fumera

Roli

2010

Int. J. Mach. Learn. & Cyber.

183

161

View full text Add to dashboard Cite

show abstract

“…We finally deploy our learning algorithm within a traditional random forest framework (Breiman 2001) and show its predictive power on real-world datasets. Notice that, although there have been various proposals that tried to improve robustness against evasion attacks by using ensemble methods (Hershkop and Stolfo 2005;Perdisci et al 2006;Tran et al 2008;Biggio et al 2010), it was shown that ensembles of weak models are not necessarily strong (He et al 2017). We avoid this shortcoming by employing Treant to train an ensemble of decision trees which are individually resilient to evasion attempts.…”

Section: Introductionmentioning

confidence: 99%

Treant: training evasion-aware decision trees

Calzavara

Lucchese

Tolomei

et al. 2020

Data Min Knowl Disc

View full text Add to dashboard Cite

Despite its success and popularity, machine learning is now recognized as vulnerable to evasion attacks, i.e., carefully crafted perturbations of test inputs designed to force prediction errors. In this paper we focus on evasion attacks against decision tree ensembles, which are among the most successful predictive models for dealing with non-perceptual problems. Even though they are powerful and interpretable, decision tree ensembles have received only limited attention by the security and machine learning communities so far, leading to a sub-optimal state of the art for adversarial learning techniques. We thus propose Treant, a novel decision tree learning algorithm that, on the basis of a formal threat model, minimizes an evasion-aware loss function at each step of the tree construction. Treant is based on two key technical ingredients: robust splitting and attack invariance, which jointly guarantee the soundness of the learning process. Experimental results on publicly available datasets show that Treant is able to generate decision tree ensembles that are at the same time accurate and nearly insensitive to evasion attacks, outperforming state-of-the-art adversarial learning techniques.

show abstract

“…MCSs are currently being used in several adversarial classification tasks, like multimodal biometric systems [1,4], intrusion detection in computer systems [2], and spam filtering [11][12][13]. Two practical reasons are that in many of such tasks several heterogeneous feature subsets are available, and they can be easily exploited in a MCS architecture where each individual classifier is trained on a different feature subset [1]; moreover, in tasks like intrusion detection it is often necessary to face never-seen-before attacks, which can be easily done with a MCS architecture by adding new classifiers.…”

Section: Related Workmentioning

confidence: 99%

Multiple Classifier Systems under Attack

Biggio

Fumera

Roli

2010

Multiple Classifier Systems

View full text Add to dashboard Cite

Abstract. In adversarial classification tasks like spam filtering, intrusion detection in computer networks and biometric authentication, a pattern recognition system must not only be accurate, but also robust to manipulations of input samples made by an adversary to mislead the system itself. It has been recently argued that the robustness of a classifier could be improved by avoiding to overemphasize or underemphasize input features on the basis of training data, since at operation phase the feature importance may change due to modifications introduced by the adversary. In this paper we empirically investigate whether the well known bagging and random subspace methods allow to improve the robustness of linear base classifiers by producing more uniform weight values. To this aim we use a method for performance evaluation of a classifier under attack that we are currently developing, and carry out experiments on a spam filtering task with several linear base classifiers.

show abstract

An adjustable combination of linear regression and modified probabilistic neural network for anti-spam filtering

Cited by 6 publications

References 3 publications

Multiple classifier systems for robust classifier design in adversarial environments

Multiple classifier systems for robust classifier design in adversarial environments

Treant: training evasion-aware decision trees

Multiple Classifier Systems under Attack

Contact Info

Product

Resources

About