Randomized Operating Point Selection in Adversarial Classification

  • Viliam Lisý
  • Robert Kessl
  • Tomáš Pevný
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8725)


Security systems for email spam filtering, network intrusion detection, steganalysis, and watermarking, frequently use classifiers to separate malicious behavior from legitimate. Typically, they use a fixed operating point minimizing the expected cost / error. This allows a rational attacker to deliver invisible attacks just below the detection threshold. We model this situation as a non-zero sum normal form game capturing attacker’s expected payoffs for detected and undetected attacks, and detector’s costs for false positives and false negatives computed based on the Receiver Operating Characteristic (ROC) curve of the classifier. The analysis of Nash and Stackelberg equilibria reveals that using a randomized strategy over multiple operating points forces the rational attacker to design less efficient attacks and substantially lowers the expected cost of the detector. We present the equilibrium strategies for sample ROC curves from network intrusion detection system and evaluate the corresponding benefits.


Game theory operating point selection receiver operating characteristic adversarial machine learning misclassification cost 


  1. 1.
    Biggio, B., Corona, I., Maiorca, D., Nelson, B., Šrndić, N., Laskov, P., Giacinto, G., Roli, F.: Evasion attacks against machine learning at test time. In: Blockeel, H., Kersting, K., Nijssen, S., Železný, F. (eds.) ECML PKDD 2013, Part III. LNCS (LNAI), vol. 8190, pp. 387–402. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  2. 2.
    Cárdenas, A.A., Baras, J.S., Seamon, K.: A framework for the evaluation of intrusion detection systems. In: 2006 IEEE Symposium on Security and Privacy, pp. 15–77. IEEE (2006)Google Scholar
  3. 3.
    Cavusoglu, H., Raghunathan, S.: Configuration of detection software: A comparison of decision and game theory approaches. Decision Analysis 1(3), 131–148 (2004)CrossRefGoogle Scholar
  4. 4.
    Comesana, P., Pérez-Freire, L., Pérez-González, F.: Blind newton sensitivity attack. In: IEE Proceedings of the Information Security, vol. 153, pp. 115–125. IET (2006)Google Scholar
  5. 5.
    Conitzer, V., Sandholm, T.: Computing the optimal strategy to commit to. In: Proceedings of the 7th ACM Conference on Electronic Commerce, pp. 82–90. ACM (2006)Google Scholar
  6. 6.
    Cox, I., Miller, M., Bloom, J., Fridrich, J., Kalker, T.: Digital Watermarking and Steganography. Cambridge University Press (2008)Google Scholar
  7. 7.
    Daskalakis, C., Goldberg, P.W., Papadimitriou, C.H.: The complexity of computing a nash equilibrium. SIAM Journal on Computing 39(1), 195–259 (2009)CrossRefzbMATHMathSciNetGoogle Scholar
  8. 8.
    Dritsoula, L., Loiseau, P., Musacchio, J.: Computing the nash equilibria of intruder classification games. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 78–97. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Flach, P.A., Wu, S.: Repairing concavities in roc curves. In: Proceedings of the 19th International Joint Conference on Artificial Intelligence, IJCAI 2005, pp. 702–707. Morgan Kaufmann Publishers Inc., San Francisco (2005)Google Scholar
  10. 10.
    Fogla, P., Lee, W.: Evading network anomaly detection systems: Formal reasoning and practical techniques. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 59–68. ACM, New York (2006)Google Scholar
  11. 11.
    Fridrich, J.: Steganography in Digital Media: Principles, Algorithms, and Applications. Cambridge University Press (2009)Google Scholar
  12. 12.
    Korzhyk, D., Yin, Z., Kiekintveld, C., Conitzer, V., Tambe, M.: Stackelberg vs. nash in security games: An extended investigation of interchangeability, equivalence, and uniqueness. Journal of Artificial Intelligence Research 41(2), 297–327 (2011)zbMATHMathSciNetGoogle Scholar
  13. 13.
    Kutter, M., Petitcolas, F.A.: Fair benchmark for image watermarking systems. In: Electronic Imaging 1999, pp. 226–239. International Society for Optics and Photonics (1999)Google Scholar
  14. 14.
    Lemke, C.E., Howson Jr, J.T.: Equilibrium points of bimatrix games. Journal of the Society for Industrial & Applied Mathematics 12(2), 413–423 (1964)CrossRefzbMATHMathSciNetGoogle Scholar
  15. 15.
    Mangasarian, O.L.: Equilibrium points of bimatrix games. Journal of the Society for Industrial & Applied Mathematics 12(4), 778–780 (1964)CrossRefzbMATHMathSciNetGoogle Scholar
  16. 16.
    McKelvey, R.D., McLennan, A.M., Turocy, T.L.: Gambit: Software tools for game theory, version 13.1.1 (2013),
  17. 17.
    Ogwueleka, F.N.: Data mining application in credit-card fraud detection system. Journal of Engineering Science and Technology 6(3), 311–322 (2011)Google Scholar
  18. 18.
    Paruchuri, P., Pearce, J.P., Marecki, J., Tambe, M., Ordóñez, F., Kraus, S.: Efficient algorithms to solve bayesian stackelberg games for security applications. In: AAAI, pp. 1559–1562 (2008)Google Scholar
  19. 19.
    Pevny, T., Rehak, M., Grill, M.: Detecting anomalous network hosts by means of pca. In: 2012 IEEE International Workshop on Information Forensics and Security (WIFS), pp. 103–108 (December 2012)Google Scholar
  20. 20.
    Provost, F., Fawcett, T.: Robust classification for imprecise environments. Mach. Learn. 42(3), 203–231 (2001)CrossRefzbMATHGoogle Scholar
  21. 21.
    Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press (2011)Google Scholar
  22. 22.
    Von Stengel, B., Zamir, S.: Leadership with commitment to mixed strategies. Tech. Rep. LSE-CDAM-2004-01, Centre for Discrete and Applicable Mathematics, London School of Economics and Political Science (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Viliam Lisý
    • 1
  • Robert Kessl
    • 1
  • Tomáš Pevný
    • 1
  1. 1.Agent Technology Center, Department of Computer Science, Faculty of Electrical EngineeringCzech Technical University in PraguePragueCzech Republic

Personalised recommendations