Pattern Recognition Systems under Attack

  • Fabio Roli
  • Battista Biggio
  • Giorgio Fumera
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8258)


Pattern recognition systems have been increasingly used in security applications, although it is known that carefully crafted attacks can compromise their security. We advocate that simulating a proactive arms race is crucial to identify the most relevant vulnerabilities of pattern recognition systems, and to develop countermeasures in advance, thus improving system security. We summarize a framework we recently proposed for designing proactive secure pattern recognition systems and review its application to assess the security of biometric recognition systems against poisoning attacks.


adversarial pattern recognition biometric authentication poisoning attacks 


  1. 1.
    Attar, A., Rad, R.M., Atani, R.E.: A survey of image spamming and filtering techniques. Artif. Intell. Rev. 40(1), 71–105 (2013)CrossRefGoogle Scholar
  2. 2.
    Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: Proc. of the 2006 ACM Symp. on Information, Computer and Comm. Sec., pp. 16–25. ACM, NY (2006)Google Scholar
  3. 3.
    Biggio, B., Akhtar, Z., Fumera, G., Marcialis, G.L., Roli, F.: Security evaluation of biometric authentication systems under real spoofing attacks. IET Biometrics 1(1), 11–24 (2012)CrossRefGoogle Scholar
  4. 4.
    Biggio, B., Didaci, L., Fumera, G., Roli, F.: Poisoning attacks to compromise face templates. In: 6th IAPR Int’l Conf. on Biometrics, pp. 1–7 (2013)Google Scholar
  5. 5.
    Biggio, B., Fumera, G., Pillai, I., Roli, F.: A survey and experimental evaluation of image spam filtering techniques. Pattern Rec. Letters 32(10), 1436–1446 (2011)CrossRefGoogle Scholar
  6. 6.
    Biggio, B., Fumera, G., Roli, F.: Security evaluation of pattern classifiers under attack. IEEE Trans. on Knowledge and Data Engineering 99(preprints),  1 (2013)Google Scholar
  7. 7.
    Biggio, B., Fumera, G., Roli, F., Didaci, L.: Poisoning adaptive biometric systems. In: Gimel’farb, G., Hancock, E., Imiya, A., Kuijper, A., Kudo, M., Omachi, S., Windeatt, T., Yamada, K. (eds.) SSPR&SPR 2012. LNCS, vol. 7626, pp. 417–425. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  8. 8.
    Biggio, B., Pillai, I., Rota Bulò, S., Ariu, D., Pelillo, M., Roli, F.: Is data clustering in adversarial settings secure? In: Proc. of the 2013 Artificial Intelligence and Security Workshop (2013)Google Scholar
  9. 9.
    Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification. Wiley-Interscience Publication (2000)Google Scholar
  10. 10.
    Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B., Tygar, J.D.: Adversarial machine learning. In: 4th ACM Workshop on Artificial Intelligence and Security (AISec 2011), Chicago, IL, USA, pp. 43–57 (2011)Google Scholar
  11. 11.
    Kloft, M., Laskov, P.: Online anomaly detection under adversarial impact. In: Proc. of the 13th Int’l Conf. on Artificial Intelligence and Statistics, pp. 405–412 (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Fabio Roli
    • 1
  • Battista Biggio
    • 1
  • Giorgio Fumera
    • 1
  1. 1.Dept. of Electrical and Electronic EngineeringUniversity of CagliariPiazza d’ArmiItaly

Personalised recommendations