
An Efficient Adversarial Learning Strategy for Constructing Robust Classification Boundaries

  • Conference paper
AI 2012: Advances in Artificial Intelligence (AI 2012)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 7691)

Abstract

Traditional classification methods assume that the training and the test data arise from the same underlying distribution. However, in some adversarial settings, the test set can be deliberately constructed in order to increase the error rates of a classifier. A prominent example is email spam, where words are transformed to avoid word-based features embedded in a spam filter. Recent research has modeled interactions between a data miner and an adversary as a sequential Stackelberg game, and solved its Nash equilibrium to build classifiers that are more robust to subsequent manipulations on training data sets. However, in this paper we argue that the iterative algorithm used in the Stackelberg game, which solves an optimization problem at each step of play, is sufficient but not necessary for achieving Nash equilibria in classification problems. Instead, we propose a method that transforms singular vectors of a training data matrix to simulate manipulations by an adversary, and from that perspective a Nash equilibrium can be obtained by solving a novel optimization problem only once. We show that, compared with the iterative algorithm used in recent literature, our one-step game significantly reduces computing time while still being able to produce good Nash equilibria results.

This research was partially funded by Australia Research Council Discovery Grants (DP110102621 and DP0881537).



© 2012 Springer-Verlag Berlin Heidelberg

Cite this paper

Liu, W., Chawla, S., Bailey, J., Leckie, C., Ramamohanarao, K. (2012). An Efficient Adversarial Learning Strategy for Constructing Robust Classification Boundaries. In: Thielscher, M., Zhang, D. (eds) AI 2012: Advances in Artificial Intelligence. AI 2012. Lecture Notes in Computer Science(), vol 7691. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35101-3_55

  • DOI: https://doi.org/10.1007/978-3-642-35101-3_55

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35100-6

  • Online ISBN: 978-3-642-35101-3

  • eBook Packages: Computer Science, Computer Science (R0)
