Issue No.04 - April (2014 vol.26)
Battista Biggio , Dept. of Electr. & Electron. Eng., Univ. of Cagliari, Cagliari, Italy
Giorgio Fumera , Dept. of Electr. & Electron. Eng., Univ. of Cagliari, Cagliari, Italy
Fabio Roli , Dept. of Electr. & Electron. Eng., Univ. of Cagliari, Cagliari, Italy
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TKDE.2013.57
Pattern classification systems are commonly used in adversarial applications, like biometric authentication, network intrusion detection, and spam filtering, in which data can be purposely manipulated by humans to undermine their operation. As this adversarial scenario is not taken into account by classical design methods, pattern classification systems may exhibit vulnerabilities, whose exploitation may severely affect their performance, and consequently limit their practical utility. Extending pattern classification theory and design methods to adversarial settings is thus a novel and very relevant research direction, which has not yet been pursued in a systematic way. In this paper, we address one of the main open issues: evaluating at design phase the security of pattern classifiers, namely, the performance degradation under potential attacks they may incur during operation. We propose a framework for empirical evaluation of classifier security that formalizes and generalizes the main ideas proposed in the literature, and give examples of its use in three real applications. Reported results show that security evaluation can provide a more complete understanding of the classifier's behavior in adversarial environments, and lead to better design choices.
Security, Training, Testing, Data models, Performance evaluation, Analytical models, Algorithm design and analysis,robustness evaluation, Pattern classification, adversarial classification, performance evaluation, security evaluation
Battista Biggio, Giorgio Fumera, Fabio Roli, "Security Evaluation of Pattern Classifiers under Attack", IEEE Transactions on Knowledge & Data Engineering, vol.26, no. 4, pp. 984-996, April 2014, doi:10.1109/TKDE.2013.57