Mining adversarial patterns via regularized loss minimization
- 406 Downloads
Traditional classification methods assume that the training and the test data arise from the same underlying distribution. However, in several adversarial settings, the test set is deliberately constructed in order to increase the error rates of the classifier. A prominent example is spam email where words are transformed to get around word based features embedded in a spam filter.
In this paper we model the interaction between a data miner and an adversary as a Stackelberg game with convex loss functions. We solve for the Nash equilibrium which is a pair of strategies (classifier weights, data transformations) from which there is no incentive for either the data miner or the adversary to deviate. Experiments on synthetic and real data demonstrate that the Nash equilibrium solution leads to solutions which are more robust to subsequent manipulation of data and also provide interesting insights about both the data miner and the adversary.
KeywordsStackelberg game Nash equilibrium Loss minimization
- Demšar, J. (2006). Statistical comparisons of classifiers over multiple data sets. The Journal of Machine Learning Research, 7, 30. Google Scholar
- Dixit, A., & Skeath, S. (1999). Games of strategy. New York: Norton. Google Scholar
- Fudenberg, D., & Tirole, J. (1991). Game theory (1st ed.). Cambridge: MIT Press. Google Scholar
- Globerson, A., Teo, C. H., Smola, A., & Roweis, S. (2008). An adversarial view of covariate shift and a minimax approach. In Dataset shift in machine learning. Cambridge: MIT Press. Google Scholar
- Hastie, T., Tibshirani, R., & Friedman, J. (2001). The elements of statistical learning. Google Scholar
- Kantarcioglu, M., Xi, B., & Clifton, C. (2009). Classifier evaluation and attribute selection against active adversaries (Technical report). Department of Statistics, Purdue University. Google Scholar
- Kołcz, A., & Teo, C. (2009). Feature weighting for improved classifier robustness. In CEAS’09: sixth conference on email and anti-spam. Google Scholar