Adversarial machine learning /
By: Vorobeychik, Yevgeniy [author.].
Contributor(s): Kantarcioglu, Murat [author.].
Material type:
BookSeries: Synthesis digital library of engineering and computer science: ; Synthesis lectures on artificial intelligence and machine learning: # 38.Publisher: [San Rafael, California] : Morgan & Claypool, 2018.Description: 1 PDF (xvii, 152 pages) : illustrations.Content type: text Media type: electronic Carrier type: online resourceISBN: 9781681733968.Subject(s): Machine learning | adversarial machine learning | game theory | machine learningDDC classification: 006.31 Online resources: Abstract with links to resource Also available in print.| Item type | Current location | Call number | Status | Date due | Barcode | Item holds |
|---|---|---|---|---|---|---|
E books
|
PK Kelkar Library, IIT Kanpur | Available | EBKE816 |
Mode of access: World Wide Web.
System requirements: Adobe Acrobat Reader.
Part of: Synthesis digital library of engineering and computer science.
Includes bibliographical references (pages 137-148) and index.
1. Introduction --
2. Machine learning preliminaries -- 2.1 Supervised learning -- 2.1.1 Regression learning -- 2.1.2 Classification learning -- 2.1.3 PAC learnability -- 2.1.4 Supervised learning in adversarial settings -- 2.2 Unsupervised learning -- 2.2.1 Clustering -- 2.2.2 Principal component analysis -- 2.2.3 Matrix completion -- 2.2.4 Unsupervised learning in adversarial settings -- 2.3 Reinforcement learning -- 2.3.1 Reinforcement learning in adversarial settings -- 2.4 Bibliographic notes --
3. Categories of attacks on machine learning -- 3.1 Attack timing -- 3.2 Information available to the attacker -- 3.3 Attacker goals -- 3.4 Bibliographic notes --
4. Attacks at decision time -- 4.1 Examples of evasion attacks on machine learning models -- 4.1.1 Attacks on anomaly detection: polymorphic blending -- 4.1.2 Attacks on PDF malware classifiers -- 4.2 Modeling decision-time attacks -- 4.3 White-box decision-time attacks -- 4.3.1 Attacks on binary classifiers: adversarial classifier evasion -- 4.3.2 Decision-time attacks on multiclass classifiers -- 4.3.3 Decision-time attacks on anomaly detectors -- 4.3.4 Decision-time attacks on clustering models -- 4.3.5 Decision-time attacks on regression models -- 4.3.6 Decision-time attacks on reinforcement learning -- 4.4 Black-box decision-time attacks -- 4.4.1 A taxonomy of black-box attacks -- 4.4.2 Modeling attacker information acquisition -- 4.4.3 Attacking using an approximate model -- 4.5 Bibliographical notes --
5. Defending against decision-time attacks -- 5.1 Hardening supervised learning against decision-time attacks -- 5.2 Optimal evasion-robust classification -- 5.2.1 Optimal evasion-robust sparse SVM -- 5.2.2 Evasion-robust SVM against free-range attacks -- 5.2.3 Evasion-robust SVM against restrained attacks -- 5.2.4 Evasion-robust classification on unrestricted feature spaces -- 5.2.5 Robustness to adversarially missing features -- 5.3 Approximately hardening classifiers against decision-time attacks -- 5.3.1 Relaxation approaches -- 5.3.2 General-purpose defense: iterative retraining -- 5.4 Evasion-robustness through feature-level protection -- 5.5 Decision randomization -- 5.5.1 Model -- 5.5.2 Optimal randomized operational use of classification -- 5.6 Evasion-robust regression -- 5.7 Bibliographic notes --
6. Data poisoning attacks -- 6.1 Modeling poisoning attacks -- 6.2 Poisoning attacks on binary classification -- 6.2.1 Label-flipping attacks -- 6.2.2 Poison insertion attack on kernel SVM -- 6.3 Poisoning attacks for unsupervised learning -- 6.3.1 Poisoning attacks on clustering -- 6.3.2 Poisoning attacks on anomaly detection -- 6.4 Poisoning attack on matrix completion -- 6.4.1 Attack model -- 6.4.2 Attacking alternating minimization -- 6.4.3 Attacking nuclear norm minimization -- 6.4.4 Mimicking normal user behaviors -- 6.5 A general framework for poisoning attacks -- 6.6 Black-box poisoning attacks -- 6.7 Bibliographic notes --
7. Defending against data poisoning -- 7.1 Robust learning through data sub-sampling -- 7.2 Robust learning through outlier removal -- 7.3 Robust learning through trimmed optimization -- 7.4 Robust matrix factorization -- 7.4.1 Noise-free subspace recovery -- 7.4.2 Dealing with noise -- 7.4.3 Efficient robust subspace recovery -- 7.5 An efficient algorithm for trimmed optimization problems -- 7.6 Bibliographic notes --
8. Attacking and defending deep learning -- 8.1 Neural network models -- 8.2 Attacks on deep neural networks: adversarial examples -- 8.2.1 l2-norm attacks -- 8.2.2 l[infinity]-norm attacks -- 8.2.3 l0-norm attacks -- 8.2.4 Attacks in the physical world -- 8.2.5 Black-box attacks -- 8.3 Making deep learning robust to adversarial examples -- 8.3.1 Robust optimization -- 8.3.2 Retraining -- 8.3.3 Distillation -- 8.4 Bibliographic notes --
9. The road ahead -- 9.1 Beyond robust optimization -- 9.2 Incomplete information -- 9.3 Confidence in predictions -- 9.4 Randomization -- 9.5 Multiple learners -- 9.6 Models and validation --
Bibliography -- Authors' biographies -- Index.
Abstract freely available; full-text restricted to subscribers or individual document purchasers.
Compendex
INSPEC
Google scholar
Google book search
The increasing abundance of large high-quality datasets, combined with significant technical advances over the last several decades have made machine learning into a major tool employed across a broad array of tasks including vision, language, finance, and security. However, success has been accompanied with important new challenges: many applications of machine learning are adversarial in nature. Some are adversarial because they are safety critical, such as autonomous driving. An adversary in these applications can be a malicious party aimed at causing congestion or accidents, or may even model unusual situations that expose vulnerabilities in the prediction engine. Other applications are adversarial because their task and/or the data they use are. For example, an important class of problems in security involves detection, such as malware, spam, and intrusion detection. The use of machine learning for detecting malicious entities creates an incentive among adversaries to evade detection by changing their behavior or the content of malicious objects they develop. The field of adversarial machine learning has emerged to study vulnerabilities of machine learning approaches in adversarial settings and to develop techniques to make learning robust to adversarial manipulation. This book provides a technical overview of this field. After reviewing machine learning concepts and approaches, as well as common use cases of these in adversarial settings, we present a general categorization of attacks on machine learning.We then address two major categories of attacks and associated defenses: decision-time attacks, in which an adversary changes the nature of instances seen by a learned model at the time of prediction in order to cause errors, and poisoning or training time attacks, in which the actual training dataset is maliciously modified. In our final chapter devoted to technical content, we discuss recent techniques for attacks on deep learning, as well as approaches for improving robustness of deep neural networks. We conclude with a discussion of several important issues in the area of adversarial learning that in our view warrant further research. Given the increasing interest in the area of adversarial machine learning, we hope this book provides readers with the tools necessary to successfully engage in research and practice of machine learning in adversarial settings.
Also available in print.
Title from PDF title page (viewed on August 29, 2018).
There are no comments for this item.