A Study On Machine Learning Algorithms In Adversarial Environment

With the study of machine learning,these learning algorithms are expanding their application scenarios.Although there is no threat in most application scenarios,some applications are in adversarial environment.In these areas,the machine learning algorithm itself may become a new weakness.So the purpose of this paper is to improve the anti-attack ability of machine learning algorithm in adversarial environments.As the existing research shows,the best improvement method is adding some simulated attack samples to the training set.Therefore,improving the anti-attack ability of the machine learning algorithm can be transformed to proposing a more realistic attack simulation algorithm.Accordingly this paper mainly completes the work in the following two aspects based on existing research.Firstly,a new attack simulation algorithm for classification learning algorithm is proposed.The algorithm combines multiple linear classifier to get a fitting classifier,which is different from the existing research,and no longer needs the target classifier's decision boundary.So that the simulation algorithm is more close to the reality,and will not too over overestimate the attacker's ability.The threshold of the member classifier determines whether to use worst case attack or mimicry attack,which ensures that the final effect will not be worse than the existing attack simulation algorithm.This algorithm can be used to measure the anti-attack ability of the classifier in adversarial environment,and also can be used to enhance the anti-attack ability in the training stage through adding simulation attack samples to training set.Secondly,an attack point selection algorithm for clustering learning algorithm is proposed.Different from existing research which focuses on the single-linkage and complete-linkage hierarchical clustering algorithm,this paper aims at the average-linkage hierarchical clustering algorithm.The algorithm uses bridging and extending method to obtain the candidate attack points set and use the greedy algorithm to get the final attack point set.Finally,the experimental results and analysis on several different UCI standard data sets are given,which proves the effectiveness of the two algorithms.The possible research directions and contents are given as well.