Gradient Correlation: Are Ensemble Classifiers More Robust Against Evasion Attacks in Practical Settings?

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11233))

Abstract

Pattern recognition is an essential part of modern security systems for malware detection, intrusion detection, and spam filtering. The conventional classifiers widely used in these applications have themselves been found vulnerable to adversarial machine learning attacks. Existing studies argued that ensemble classifiers are more robust than a single classifier under evasion attacks because the weights they produce from the training data are more uniform. In this paper, we investigate the problem in a more practical setting where attackers do not know the classifier details. Instead, attackers may acquire only a portion of the labeled data, or a replacement dataset, for learning the target decision boundary. In this case, we show that ensemble classifiers are not necessarily more robust under a least-effort attack based on gradient descent. Our experiments are conducted with both linear and kernel SVMs on real datasets for spam filtering and malware detection.

This work was supported in part by National Natural Science Foundation of China (61403324) and Dongguan University of Technology (KCYKYQD2017003).




Author information

Correspondence to Yi Wang .


Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Zhang, F., Wang, Y., Wang, H. (2018). Gradient Correlation: Are Ensemble Classifiers More Robust Against Evasion Attacks in Practical Settings? In: Hacid, H., Cellary, W., Wang, H., Paik, HY., Zhou, R. (eds) Web Information Systems Engineering – WISE 2018. Lecture Notes in Computer Science, vol 11233. Springer, Cham. https://doi.org/10.1007/978-3-030-02922-7_7

  • DOI: https://doi.org/10.1007/978-3-030-02922-7_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02921-0

  • Online ISBN: 978-3-030-02922-7