Chapter

Support Vector Machines Applications

pp 105-153

Date:

Security Evaluation of Support Vector Machines in Adversarial Environments

  • Battista BiggioAffiliated withDepartment of Electrical and Electronic Engineering, University of Cagliari Email author 
  • , Igino CoronaAffiliated withDepartment of Electrical and Electronic Engineering, University of Cagliari
  • , Blaine NelsonAffiliated withInstitut für Informatik, Universität Potsdam
  • , Benjamin I. P. RubinsteinAffiliated withDepartment of Computing and Information Systems, University of Melbourne
  • , Davide MaiorcaAffiliated withDepartment of Electrical and Electronic Engineering, University of Cagliari
  • , Giorgio FumeraAffiliated withDepartment of Electrical and Electronic Engineering, University of Cagliari
  • , Giorgio GiacintoAffiliated withDepartment of Electrical and Electronic Engineering, University of Cagliari
  • , Fabio RoliAffiliated withDepartment of Electrical and Electronic Engineering, University of Cagliari

* Final gross prices may vary according to local VAT.

Get Access

Abstract

Support vector machines (SVMs) are among the most popular classification techniques adopted in security applications like malware detection, intrusion detection, and spam filtering. However, if SVMs are to be incorporated in real-world security systems, they must be able to cope with attack patterns that can either mislead the learning algorithm (poisoning), evade detection (evasion) or gain information about their internal parameters (privacy breaches). The main contributions of this chapter are twofold. First, we introduce a formal general framework for the empirical evaluation of the security of machine-learning systems. Second, according to our framework, we demonstrate the feasibility of evasion, poisoning and privacy attacks against SVMs in real-world security problems. For each attack technique, we evaluate its impact and discuss whether (and how) it can be countered through an adversary-aware design of SVMs. Our experiments are easily reproducible thanks to open-source code that we have made available, together with all the employed datasets, on a public repository.