| To combat possible adversary attacks on machine learning algorithm, this paper preliminarilystudies the pattern classification problem in adversarial environment. We integrate some priorknowledge of the adversary attacks into machine learning algorithms to defense possible adversaryattacks and design adversary-aware classifiers.Firstly, we study adversarial pattern classification problem form four aspects: adversariallearning, adversary attacks, antagonistic classifier design and performance evaluation. We discuss thedifferences between the adversarial learning problem and the traditional two class classificationproblem, present an adversary attack model in line with some actual situations, and summed up themethods of antagonistic classifier design and performance evaluation. On this basis, we preliminarilyevaluate the ability of some commonly used linear classification algorithms to defense adversaryattacks on spam filtering data set. The experiment results preliminarily show that the support vectormachine (SVM) has a relatively better antagonistic ability than other algorithms. To solve theperformance degradation of SVM in worse-case attack scene, according to the characteristics ofworse-case attack, we design LW-SVM and preliminarily verify its effectiveness on spam filteringdata set.Furthermore, on the basis of the adversary attack model presented in this paper, we design anantagonistic classifier framework. More specifically, this framework estimates the possible adversarycamouflage behaviors on the sample to be detected by computing its candidate malicious samples,then re-estimates the distribution of data to ease adverse effects caused by adversary attacks. In orderto verify the effectiveness of this framework, we integrate SVM and LR into it and then designAd-SVM and Ad-LR, respectively. The experiment results preliminarily show that this framework canimprove the antagonism of the classifier. |
PDF Full Text Request