Adversarial Machine Learning
|Yevgeniy Vorobeychik, Murat Kantarcioglu
ISBN: 9781681733951 | PDF ISBN: 9781681733968
Hardcover ISBN: 9781681733975
Copyright © 2018 | 169 Pages | Publication Date: August, 2018
BEFORE YOU ORDER: You may have Academic or Corporate access to this title. Click here to find out: 10.2200/S00861ED1V01Y201806AIM039
Ordering Options: Paperback $69.95 E-book $55.96 Paperback & E-book Combo $87.44
The increasing abundance of large high-quality datasets, combined with significant technical advances over the last several decades have made machine learning into a major tool employed across a broad array of tasks including vision, language, finance, and security. However, success has been accompanied with important new challenges: many applications of machine learning are adversarial in nature. Some are adversarial because they are safety critical, such as autonomous driving. An adversary in these applications can be a malicious party aimed at causing congestion or accidents, or may even model unusual situations that expose vulnerabilities in the prediction engine. Other applications are adversarial because their task and/or the data they use are. For example, an important class of problems in security involves detection, such as malware, spam, and intrusion detection. The use of machine learning for detecting malicious entities creates an incentive among adversaries to evade detection by changing their behavior or the content of malicious objects they develop.
The field of adversarial machine learning has emerged to study vulnerabilities of machine learning approaches in adversarial settings and to develop techniques to make learning robust to adversarial manipulation. This book provides a technical overview of this field. After reviewing machine learning concepts and approaches, as well as common use cases of these in adversarial settings, we present a general categorization of attacks on machine learning. We then address two major categories of attacks and associated defenses: decision-time attacks, in which an adversary changes the nature of instances seen by a learned model at the time of prediction in order to cause errors, and poisoning or training time attacks, in which the actual training dataset is maliciously modified. In our final chapter devoted to technical content, we discuss recent techniques for attacks on deep learning, as well as approaches for improving robustness of deep neural networks. We conclude with a discussion of several important issues in the area of adversarial learning that in our view warrant further research.
Given the increasing interest in the area of adversarial machine learning, we hope this book provides readers with the tools necessary to successfully engage in research and practice of machine learning in adversarial settings.
Table of Contents
List of Figures
Machine Learning Preliminaries
Categories of Attacks on Machine Learning
Attacks at Decision Time
Defending Against Decision-Time Attacks
Data Poisoning Attacks
Defending Against Data Poisoning
Attacking and Defending Deep Learning
The Road Ahead
About the Author(s)
Yevgeniy Vorobeychik, Washington University in Saint Louis
Yevgeniy Vorobeychik is an Associate Professor of Computer Science and Engineering at Washington University in Saint Louis. Previously, he was an Assistant Professor of Computer Science at Vanderbilt University. Between 2008 and 2010, he was a post-doctoral research associate at the University of Pennsylvania Computer and Information Science department. He received Ph.D. (2008) and M.S.E. (2004) degrees in Computer Science and Engineering from the University of Michigan, and a B.S. degree in Computer Engineering from Northwestern University. His work focuses on game theoretic modeling of security and privacy, adversarial machine learning, algorithmic and behavioral game theory and incentive design, optimization, agent-based modeling, complex systems, network science, and epidemic control. Dr. Vorobeychik received an NSF CAREER award in 2017, and was invited to give an IJCAI-16 early career spotlight talk. He was nominated for the 2008 ACM Doctoral Dissertation Award and received honorable mention for the 2008 IFAAMAS Distinguished Dissertation Award.
Murat Kantarcioglu, University of Texas, Dallas
Murat Kantarcioglu is a Professor of Computer Science and Director of the UTD Data Security and Privacy Lab at The University of Texas at Dallas. Currently, he is also a visiting scholar at Harvard’s Data Privacy Lab. He holds a B.S. in Computer Engineering from Middle East Technical University, and M.S. and Ph.D. degrees in Computer Science from Purdue University. Dr. Kantarcioglu’s research focuses on creating technologies that can efficiently extract useful information from any data without sacrificing privacy or security. His research has been supported by awards from NSF, AFOSR, ONR, NSA, and NIH. He has published over 175 peer-reviewed papers. His work has been covered by media outlets such as The Boston Globe and ABC News, among others, and has received three best paper awards. He is also the recipient of various awards including NSF CAREER award, a Purdue CERIAS Diamond Award for academic excellence, the AMIA (American Medical Informatics Association) 2014 Homer R. Warner Award, and the IEEE ISI (Intelligence and Security Informatics) 2017 Technical Achievement Award presented jointly by IEEE SMC and IEEE ITS societies for his research in data security and privacy. He is also a Distinguished Scientist of ACM.