Abstract
Security systems for email spam filtering, network intrusion detection, steganalysis, and watermarking frequently use classifiers to separate malicious behavior from legitimate behavior. Typically, they use a fixed operating point minimizing the expected cost / error. This allows a rational attacker to deliver invisible attacks just below the detection threshold. We model this situation as a non-zero-sum normal-form game capturing the attacker’s expected payoffs for detected and undetected attacks, and the detector’s costs for false positives and false negatives, computed based on the Receiver Operating Characteristic (ROC) curve of the classifier. The analysis of Nash and Stackelberg equilibria reveals that using a randomized strategy over multiple operating points forces the rational attacker to design less efficient attacks and substantially lowers the expected cost of the detector. We present the equilibrium strategies for sample ROC curves from a network intrusion detection system and evaluate the corresponding benefits.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lisý, V., Kessl, R., Pevný, T. (2014). Randomized Operating Point Selection in Adversarial Classification. In: Calders, T., Esposito, F., Hüllermeier, E., Meo, R. (eds) Machine Learning and Knowledge Discovery in Databases. ECML PKDD 2014. Lecture Notes in Computer Science, vol 8725. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44851-9_16
DOI: https://doi.org/10.1007/978-3-662-44851-9_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44850-2
Online ISBN: 978-3-662-44851-9
eBook Packages: Computer Science, Computer Science (R0)