Support Vector Machines In Adversarial Environment

Although intelligent methods have been successfully applied to detect information security threats, yet there are some drawbacks.Since the intelligent methods are basically content based pattern recognition methods, thus in adversarial environment, a clever but unfriendly attacker could intentionally alter the malicious data to cheat the detection system.Furthermore, it has been recently found out that attackers could degrade the intelligent security systems by deliberately incorporating poisoned data in the training set.In order to build a robust and real-time intelligent security system in adversarial environment, this thesis analyzes the strategies for the intelligent system designer and the attacker. The main achievements of this paper are listed as below.1.We introduce a greedy strategy for attackers who intend to degrade the Support Vector Machines by introducing poisoned data. On the other hand, a Semi-Definite Programming formulation is proposed as a Revised Support Vector Machine to detect and filter the potential malicious data.2.For attackers who intend to cheat the intelligent system by modifying malicious data, Section 3 proposes multiple efficient formulations of the Revised Support Vector Machines to defend the Cheating Attack. The new algorithms are based on Second Order Cone Programming and Linear Programming, which are more efficient and appropriate for large scale Web-based applications.3.One important part of the intelligent security system is feature extraction. Section 4 proposes a Semi-supervised Canonical Correlation Analysis algorithm for feature extraction. Semi-supervised CCA is specially designed for large scale applications in which it is impractical to give all the labels manually.4. Section 5 introduces respective hardware acceleration modules for feature extraction and Support Vector Machines.