Modeling Adversarial Learning as Nested Stackelberg Games

  • Yan Zhou
  • Murat Kantarcioglu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9652)


Many data mining applications potentially operate in an adversarial environment where adversaries adapt their behavior to evade detection. Typically adversaries alter data under their control to cause a large divergence of distribution between training and test data. Existing state-of-the-art adversarial learning techniques try to address this problem in which there is only a single type of adversary. In practice, a learner often has to face multiple types of adversaries that may employ different attack tactics. In this paper, we tackle the challenges of multiple types of adversaries with a nested Stackelberg game framework. We demonstrate the effectiveness of our framework with extensive empirical results on both synthetic and real data sets. Our results demonstrate that the nested game framework offers more reliable defense against multiple types of attackers.


Mixed Strategy Pure Strategy Data Transformation Stackelberg Game Negative Data 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Lowd, D.: Good word attacks on statistical spam filters. In: Proceedings of the Second Conference on Email and Anti-Spam (CEAS) (2005)Google Scholar
  2. 2.
    Globerson, A., Roweis, S.: Nightmare at test time: robust learning by feature deletion. In: ICML, pp. 353–360. ACM (2006)Google Scholar
  3. 3.
    El Ghaoui, L., Lanckriet, G.R.G., Natsoulis, G.: Robust classification with interval data. Technical report UCB/CSD-03-1279, EECS Department, University of California, Berkeley, October 2003Google Scholar
  4. 4.
    Zhou, Y., Kantarcioglu, M., Thuraisingham, B., Xi, B.: Adversarial support vector machine learning. In: SIGKDD, pp. 1059–1067. ACM (2012)Google Scholar
  5. 5.
    Lanckriet, G.R.G., Ghaoui, L.E., Bhattacharyya, C., Jordan, M.I.: A robust minimax approach to classification. J. Mach. Learn. Res. 3, 555–582 (2002)MathSciNetzbMATHGoogle Scholar
  6. 6.
    Teo, C.H., Globerson, A., Roweis, S.T., Smola, A.J.: Convex learning with invariances. In: Advances in Neural Information Processing Systems (2007)Google Scholar
  7. 7.
    Dekel, O., Shamir, O.: Learning to classify with missing and corrupted features. In: ICML, pp. 216–223. ACM (2008)Google Scholar
  8. 8.
    Dekel, O., Shamir, O., Xiao, L.: Learning to classify with missing and corrupted features. Mach. Learn. 81(2), 149–178 (2010)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Kantarcioglu, M., Xi, B., Clifton, C.: Classifier evaluation and attribute selection against active adversaries. Data Min. Knowl. Discov. 22, 291–335 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Liu, W., Chawla, S.: A game theoretical model for adversarial learning. In: Proceedings of the 2009 IEEE International Conference on Data Mining Workshops. ICDMW 2009, pp. 25–30, Washington, DC, USA. IEEE Computer Society (2009)Google Scholar
  11. 11.
    Bruckner, M., Scheffer, T.: Nash equilibria of static prediction games. In: Advances in Neural Information Processing Systems, MIT Press, Cambridge (2009)Google Scholar
  12. 12.
    Brückner, M., Scheffer, T.: Stackelberg games for adversarial prediction problems. In: KDD, pp. 547–555, New York (2011)Google Scholar
  13. 13.
    Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. In: ICML, pp. 1807–1814 (2012)Google Scholar
  14. 14.
    Zhou, Y., Kantarcioglu, M., Thuraisingham, B.M.: Sparse bayesian adversarial learning using relevance vector machine ensembles. In: ICDM, pp. 1206–1211 (2012)Google Scholar
  15. 15.
    Zhou, Y., Kantarcioglu, M.: Adversarial learning with bayesian hierarchical mixtures of experts. In: SDM, pp. 929–937 (2014)Google Scholar
  16. 16.
    Basar, T., Olsder, G.J.: Dynamic Noncooperative Game Theory. Society for Industrial and Applied Mathematics, Classics in Applied Mathematics (1999)Google Scholar
  17. 17.
    Paruchuri, P.: Playing games for security: an efficient exact algorithm for solving bayesian stackelberg games. In: AAMAS (2008)Google Scholar
  18. 18.
    UCI:UCI Machine Learning Repository (2014).
  19. 19.
    LIBSVM:LIBSVM Data: Classification, Regression, and Multi-label (2014).

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Computer Science DepartmentThe University of Texas at DallasRichardsonUSA

Personalised recommendations