A data-driven attack against support vectors of SVM

Liu, S; Zhou, W; Zhang, J; Xiang, Y; Wangt, Y; De Vel, O

A data-driven attack against support vectors of SVM

Liu, S Zhou, W

Zhang, J Xiang, Y Wangt, Y De Vel, O

Permalink

Publication Type:: Conference Proceeding
Citation:: ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, 2018, pp. 723 - 734
Issue Date:: 2018-05-29

Closed Access

	Filename	Description	Size
	p723-liu.pdf	Published version	11.65 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Liu, S	en_US
dc.contributor.author	Zhou, W https://orcid.org/0000-0002-1680-2521	en_US
dc.contributor.author	Zhang, J	en_US
dc.contributor.author	Xiang, Y	en_US
dc.contributor.author	Wangt, Y	en_US
dc.contributor.author	De Vel, O	en_US
dc.date.issued	2018-05-29	en_US
dc.identifier.citation	ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, 2018, pp. 723 - 734	en_US
dc.identifier.isbn	9781450355766	en_US
dc.identifier.uri	http://hdl.handle.net/10453/132996
dc.description.abstract	© 2018 Association for Computing Machinery. Machine learning (ML) is commonly used in multiple disciplines and real-world applications, such as information retrieval, financial systems, health, biometrics and online social networks. However, their security profiles against deliberate attacks have not often been considered. Sophisticated adversaries can exploit specific vulnerabilities exposed by classical ML algorithms to deceive intelligent systems. It is emerging to perform a thorough security evaluation as well as potential attacks against the machine learning techniques before developing novel methods to guarantee that machine learning can be securely applied in adversarial setting. In this paper, an effective attack strategy for crafting foreign support vectors in order to attack a classic ML algorithm, the Support Vector Machine (SVM) has been proposed with mathematical proof. The new attack can minimize the margin around the decision boundary and maximize the hinge loss simultaneously. We evaluate the new attack in different real-world applications including social spam detection, Internet traffic classification and image recognition. Experimental results highlight that the security of classifiers can be worsened by poisoning a small group of support vectors.	en_US
dc.relation.ispartof	ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security	en_US
dc.relation.isbasedon	10.1145/3196494.3196539	en_US
dc.title	A data-driven attack against support vectors of SVM	en_US
dc.type	Conference Proceeding
utslib.for	080303 Computer System Security	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	closed_access
pubs.publication-status	Published	en_US

Abstract:

© 2018 Association for Computing Machinery. Machine learning (ML) is commonly used in multiple disciplines and real-world applications, such as information retrieval, financial systems, health, biometrics and online social networks. However, their security profiles against deliberate attacks have not often been considered. Sophisticated adversaries can exploit specific vulnerabilities exposed by classical ML algorithms to deceive intelligent systems. It is emerging to perform a thorough security evaluation as well as potential attacks against the machine learning techniques before developing novel methods to guarantee that machine learning can be securely applied in adversarial setting. In this paper, an effective attack strategy for crafting foreign support vectors in order to attack a classic ML algorithm, the Support Vector Machine (SVM) has been proposed with mathematical proof. The new attack can minimize the margin around the decision boundary and maximize the hinge loss simultaneously. We evaluate the new attack in different real-world applications including social spam detection, Internet traffic classification and image recognition. Experimental results highlight that the security of classifiers can be worsened by poisoning a small group of support vectors.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/132996