
Data Sanitization In Adversarial Environment

Posted on: 2017-06-27
Degree: Master
Type: Thesis
Country: China
Candidate: H J Li
Full Text: PDF
GTID: 2348330536453462
Subject: Computer Science and Technology
Abstract/Summary:
Machine learning has been applied in many applications, such as spam filtering and intrusion detection, with satisfactory performance. However, in security applications it now faces the threat of adversarial attack: an attacker may exploit a weakness in the learning process to degrade the performance of the system. This study analyzes the causative attack, one of the most serious attacks in an adversarial environment. In a causative attack, the attacker is able to manipulate some of the training data to mislead the learning process of a classifier. We propose two data sanitization methods to defend against causative attacks. We first present an improved method that reduces the time complexity of the RONI defense. Then we propose an efficient data sanitization method based on data complexity, a measure that characterizes the difficulty of a classification problem. The major contributions of this study are as follows:

1) We propose an improved defense that reduces the time complexity of the RONI defense by considering sets of similar samples grouped by the relative neighborhood graph. Experimental results suggest that the performance of our proposed method is similar to that of the RONI defense but with lower time complexity.
2) Our study shows that a causative attack causes the data complexity of the poisoned data to be distributed differently from that of the normal data in a dataset. Based on this finding, we present a new data sanitization defense based on data complexity that removes the attacked data from the training set. Experimental results show that the poisoned samples can be sanitized effectively by our method.
Keywords/Search Tags: Adversarial learning, Causative attack, Data sanitization, Data complexity
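
As an added illustration (not code from the thesis), the sketch below shows the baseline RONI (Reject On Negative Impact) idea the abstract builds on: a candidate training sample is kept only if adding it to a trusted set does not lower accuracy on a validation set. The nearest-centroid classifier, the 1-D data, the tolerance and all names are constructed assumptions; the thesis's grouped and data-complexity methods are not reproduced here.

```python
# Added illustration: baseline RONI (Reject On Negative Impact) sanitization.
# Classifier, data and tolerance are constructed assumptions, not from the thesis.

def train(samples):
    """Nearest-centroid model: label -> mean of that label's 1-D feature values."""
    sums = {}
    for x, y in samples:
        total, count = sums.get(y, (0.0, 0))
        sums[y] = (total + x, count + 1)
    return {y: total / count for y, (total, count) in sums.items()}

def predict(model, x):
    """Return the label whose centroid is closest to x."""
    return min(model, key=lambda y: abs(x - model[y]))

def accuracy(model, validation):
    hits = sum(1 for x, y in validation if predict(model, x) == y)
    return hits / len(validation)

def roni_filter(trusted, candidates, validation, tolerance=0.0):
    """Keep a candidate only if adding it to the trusted set does not lower
    validation accuracy by more than `tolerance`. Note the cost: one retrain
    per candidate sample."""
    baseline = accuracy(train(trusted), validation)
    kept, rejected = [], []
    for cand in candidates:
        impact = accuracy(train(trusted + [cand]), validation) - baseline
        (rejected if impact < -tolerance else kept).append(cand)
    return kept, rejected

# Constructed data: feature is a 1-D score, label 0 = ham, 1 = spam.
TRUSTED = [(1.0, 0), (2.0, 0), (8.0, 1), (9.0, 1)]
VALIDATION = [(3.0, 0), (4.0, 0), (4.5, 0), (5.5, 1), (6.0, 1), (7.0, 1)]
CANDIDATES = [
    (1.5, 0),   # clean ham
    (8.0, 1),   # clean spam
    (9.5, 0),   # poisoned: spam-like point labelled ham
    (0.5, 1),   # poisoned: ham-like point labelled spam
]

if __name__ == "__main__":
    kept, rejected = roni_filter(TRUSTED, CANDIDATES, VALIDATION)
    print("kept:", kept)
    print("rejected:", rejected)
```

Each poisoned point drags one class centroid across the decision boundary and misclassifies two of the six validation samples, so its impact is negative and it is rejected, while the clean points leave accuracy unchanged.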