ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Adversarial classification
Full text PdfPdf (215 KB)
Source International Conference on Knowledge Discovery and Data Mining archive
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining table of contents
Seattle, WA, USA
SESSION: Research track papers table of contents
Pages: 99 - 108  
Year of Publication: 2004
ISBN:1-58113-888-1
Authors
Nilesh Dalvi  University of Washington - Seattle, Seattle, WA
Pedro Domingos  University of Washington - Seattle, Seattle, WA
Mausam  University of Washington - Seattle, Seattle, WA
Sumit Sanghai  University of Washington - Seattle, Seattle, WA
Deepak Verma  University of Washington - Seattle, Seattle, WA
Sponsors
SIGMOD: ACM Special Interest Group on Management of Data
SIGKDD: ACM Special Interest Group on Knowledge Discovery in Data
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 13,   Downloads (12 Months): 135,   Citation Count: 20
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1014052.1014066
What is a DOI?

ABSTRACT

Essentially all data mining algorithms assume that the data-generating process is independent of the data miner's activities. However, in many domains, including spam detection, intrusion detection, fraud detection, surveillance and counter-terrorism, this is far from the case: the data is actively manipulated by an adversary seeking to make the classifier produce false negatives. In these domains, the performance of a classifier can degrade rapidly after it is deployed, as the adversary learns to defeat it. Currently the only solution to this is repeated, manual, ad hoc reconstruction of the classifier. In this paper we develop a formal framework and algorithms for this problem. We view classification as a game between the classifier and the adversary, and produce a classifier that is optimal given the adversary's optimal strategy. Experiments in a spam detection domain show that this approach can greatly outperform a classifier learned in the standard way, and (within the parameters of the problem) automatically adapt the classifier to the adversary's evolving manipulations.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Pedro Domingos, MetaCost: a general method for making classifiers cost-sensitive, Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining, p.155-164, August 15-18, 1999, San Diego, California, United States  [doi>10.1145/312129.312220]
 
2
Pedro Domingos , Michael Pazzani, On the Optimality of the Simple Bayesian Classifier under Zero-One Loss, Machine Learning, v.29 n.2-3, p.103-130, Nov./Dec. 1997  [doi>10.1023/A:1007413511361]
3
Robert B. Doorenbos , Oren Etzioni , Daniel S. Weld, A scalable comparison-shopping agent for the World-Wide Web, Proceedings of the first international conference on Autonomous agents, p.39-48, February 05-08, 1997, Marina del Rey, California, United States  [doi>10.1145/267658.267666]
4
Tom Fawcett, "In vivo" spam filtering: a challenge problem for KDD, ACM SIGKDD Explorations Newsletter, v.5 n.2, December 2003  [doi>10.1145/980972.980990]
 
5
Tom Fawcett , Foster Provost, Adaptive Fraud Detection, Data Mining and Knowledge Discovery, v.1 n.3, p.291-316, 1997  [doi>10.1023/A:1009700419189]
 
6
D. Fudenberg and D. Levine. The Theory of Learning in Games. MIT Press, Cambridge, MA, 1999.
 
7
D. Fudenberg and J. Tirole. Game Theory. MIT Press, Cambridge, MA, 1991.
 
8
Michael R. Garey , David S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W. H. Freeman & Co., New York, NY, 1979
 
9
L. Guernsey. Retailers rise in Google rankings as rivals cry foul. New York Times, November 20, 2003.
10
Geoff Hulten , Laurie Spencer , Pedro Domingos, Mining time-changing data streams, Proceedings of the seventh ACM SIGKDD international conference on Knowledge discovery and data mining, p.97-106, August 26-29, 2001, San Francisco, California  [doi>10.1145/502512.502529]
11
David Jensen , Matthew Rattigan , Hannah Blau, Information awareness: a prospective technical assessment, Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining, August 24-27, 2003, Washington, D.C.  [doi>10.1145/956750.956794]
 
12
M. Kearns. Computational game theory. Tutorial, Department of Computer and Information Sciences, University of Pennsylvania, Philadelphia, PA, 2002. http://www.cis.upenn.edu/~mkearns/nips02tutorial/.
 
13
Ron Kohavi , George H. John, Wrappers for feature subset selection, Artificial Intelligence, v.97 n.1-2, p.273-324, Dec. 1997  [doi>10.1016/S0004-3702(97)00043-X]
 
14
B. Krebs. Online piracy spurs high-tech arms race. Washington Post, June 26, 2003.
 
15
M. L. Littman. Markov games as a framework for multi-agent reinforcement learning. In Proceedings of the Eleventh International Conference on Machine Learning, pages 157--163, New Brunswick, NJ, 1994. Morgan Kaufmann.
 
16
B. Lloyd. Been gazumped by Google? Trying to make sense of the "Florida" update. Search Engine Guide, November 25, 2003.
17
Matthew V. Mahoney , Philip K. Chan, Learning nonstationary models of normal network traffic for detecting novel attacks, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, July 23-26, 2002, Edmonton, Alberta, Canada  [doi>10.1145/775047.775102]
 
18
A. McCallum and K. Nigam. A comparison of event models for Naive Bayes text classification. In Proceedings of the AAAI-98 Workshop on Learning for Text Categorization, Madison, WI, 1998. AAAI Press.
 
19
F. Nielsen. Email data, 2003. http://www.imm.dtu.dk/~rem/datasets/.
 
20
Foster Provost , Tom Fawcett, Robust Classification for Imprecise Environments, Machine Learning, v.42 n.3, p.203-231, March 2001  [doi>10.1023/A:1007601015854]
 
21
J. Rennie. Ifile spam classifier, 2003. http://www.nongnu.org/ifile/.
 
22
Paul Robertson , J. Michael Brady, Adaptive Image Analysis for Aerial Surveillance, IEEE Intelligent Systems, v.14 n.3, p.30-36, May 1999  [doi>10.1109/5254.769882]
 
23
M. Sahami, S. Dumais, D. Heckerman, and E. Horvitz. A Bayesian approach to filtering junk e-mail. In Proceedings of the AAAI-98 Workshop on Learning for Text Categorization, Madison, WI, 1998. AAAI Press.
 
24
Georgios Sakkis , Ion Androutsopoulos , Georgios Paliouras , Vangelis Karkaletsis , Constantine D. Spyropoulos , Panagiotis Stamatopoulos, A Memory-Based Approach to Anti-Spam Filtering for Mailing Lists, Information Retrieval, v.6 n.1, p.49-73, January 2003  [doi>10.1023/A:1022948414856]
25
Ted E. Senator, Ongoing management and application of discovered knowledge in a large regulatory organization: a case study of the use and impact of NASD Regulation's Advanced Detection System (RADS), Proceedings of the sixth ACM SIGKDD international conference on Knowledge discovery and data mining, p.44-53, August 20-23, 2000, Boston, Massachusetts, United States  [doi>10.1145/347090.347102]
 
26
J. M. Smith. Evolution and the Theory of Games. Cambridge University Press, Cambridge, UK, 1982.
 
27
P. Turney. Cost-sensitive learning bibliography. Online bibliography, NRC Institute for Information Technology, Ottawa, Canada, 1998. http://members.rogers.com/peter.turney/bibliographies/cost-sensitive.html.
 
28
WordNet 2.0: A lexical database for the English language, 2003. http://www.cogsci.princeton.edu/~wn/.

CITED BY  20
Daniel Lowd , Christopher Meek, Adversarial learning, Proceeding of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining, August 21-24, 2005, Chicago, Illinois, USA
Matthew Richardson , Amit Prakash , Eric Brill, Beyond PageRank: machine learning for static ranking, Proceedings of the 15th international conference on World Wide Web, May 23-26, 2006, Edinburgh, Scotland
Charu C. Aggarwal , Jian Pei , Bo Zhang, On privacy preservation against adversarial data mining, Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, August 20-23, 2006, Philadelphia, PA, USA
Marco Barreno , Blaine Nelson , Russell Sears , Anthony D. Joseph , J. D. Tygar, Can machine learning be secure?, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
Simone Stumpf , Vidya Rajaram , Lida Li , Margaret Burnett , Thomas Dietterich , Erin Sullivan , Russell Drummond , Jonathan Herlocker, Toward harnessing user feedback for machine learning, Proceedings of the 12th international conference on Intelligent user interfaces, January 28-31, 2007, Honolulu, Hawaii, USA
Shimon Whiteson , Peter Stone, Evolutionary Function Approximation for Reinforcement Learning, The Journal of Machine Learning Research, 7, p.877-917, 12/1/2006
Blaine Nelson , Marco Barreno , Fuching Jack Chi , Anthony D. Joseph , Benjamin I. P. Rubinstein , Udam Saini , Charles Sutton , J. D. Tygar , Kai Xia, Exploiting machine learning to subvert your spam filter, Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, p.1-9, April 15-15, 2008, San Francisco, California
Marco Barreno , Peter L. Bartlett , Fuching Jack Chi , Anthony D. Joseph , Blaine Nelson , Benjamin I.P. Rubinstein , Udam Saini , J. D. Tygar, Open problems in the security of learning, Proceedings of the 1st ACM workshop on Workshop on AISec, October 27-27, 2008, Alexandria, Virginia, USA
Arieal D. Procaccia, Towards a theory of incentives in machine learning, ACM SIGecom Exchanges, v.7 n.2, p.1-5, December 2008
Gordon V. Cormack, Email Spam Filtering: A Systematic Review, Foundations and Trends in Information Retrieval, v.1 n.4, p.335-455, April 2007
Clifton Phua , Vincent Lee , Kate Smith-Miles , Ross Gayler, Adaptive communal detection in search of adversarial identity crime, Proceedings of the 2007 international workshop on Domain driven data mining, p.1-10, August 12-12, 2007, San Jose, California
Zach Jorgensen , Yan Zhou , Meador Inge, A Multiple Instance Learning Strategy for Combating Good Word Attacks on Spam Filters, The Journal of Machine Learning Research, 9, p.1115-1146, 6/1/2008
Elena Zheleva , Aleksander Kolcz , Lise Getoor, Trusting spam reporters: A reporter-based reputation system for email filtering, ACM Transactions on Information Systems (TOIS), v.27 n.1, p.1-27, December 2008
J. Andrew Bagnell, Robust supervised learning, Proceedings of the 20th national conference on Artificial intelligence, p.714-719, July 09-13, 2005, Pittsburgh, Pennsylvania
Fidan Boylu , Haldun Aytug , Gary J. Koehler, Principal-agent learning, Decision Support Systems, v.47 n.2, p.75-81, May, 2009
Simone Stumpf , Vidya Rajaram , Lida Li , Weng-Keen Wong , Margaret Burnett , Thomas Dietterich , Erin Sullivan , Jonathan Herlocker, Interacting meaningfully with machine learning systems: Three experiments, International Journal of Human-Computer Studies, v.67 n.8, p.639-662, August, 2009
Pranam Kolari , Akshay Java , Tim Finin , Tim Oates , Anupam Joshi, Detecting spam blogs: a machine learning approach, proceedings of the 21st national conference on Artificial intelligence, p.1351-1356, July 16-20, 2006, Boston, Massachusetts
Aleksander Kolcz , Gordon V. Cormack, Genre-based decomposition of email class noise, Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining, June 28-July 01, 2009, Paris, France
Benjamin Liebald , Dan Roth , Neelay Shah , Vivek Srikumar, Proactive intrusion detection, Proceedings of the 23rd national conference on Artificial intelligence, p.772-777, July 13-17, 2008, Chicago, Illinois
Reshef Meir , Ariel D. Procaccia , Jeffrey S. Rosenschein, Strategyproof classification under constant hypotheses: a tale of two functions, Proceedings of the 23rd national conference on Artificial intelligence, p.126-131, July 13-17, 2008, Chicago, Illinois

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.8 Database applications
          Subjects: Data mining

Additional Classification:
  G. Mathematics of Computing
  G.3 PROBABILITY AND STATISTICS
      Subjects: Multivariate statistics

  I. Computing Methodologies
  I.2 ARTIFICIAL INTELLIGENCE
      I.2.6 Learning
          Subjects: Induction; Concept learning; Parameter learning
  I.5 PATTERN RECOGNITION
      I.5.1 Models
          Subjects: Statistical
      I.5.2 Design Methodology
          Subjects: Feature evaluation and selection; Classifier design and evaluation


General Terms:
Algorithms


Keywords:
cost-sensitive learning, game theory, integer linear programming, naive Bayes, spam detection

Collaborative Colleagues:
Nilesh Dalvi: colleagues
Pedro Domingos: colleagues
Mausam: colleagues
Sumit Sanghai: colleagues
Deepak Verma: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player