Evasion Attack of Multi-class Linear Classifiers

  • Han Xiao
  • Thomas Stibor
  • Claudia Eckert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7301)


Machine learning has yield significant advances in decision-making for complex systems, but are they robust against adversarial attacks? We generalize the evasion attack problem to the multi-class linear classifiers, and present an efficient algorithm for approximating the optimal disguised instance. Experiments on real-world data demonstrate the effectiveness of our method.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ball, K.: Cube slicing in ℝn. Proc. American Mathematical Society 97(3), 465–473 (1986)zbMATHGoogle Scholar
  2. 2.
    Barbara, D., Jajodia, S.: Applications of data mining in computer security. Springer (2002)Google Scholar
  3. 3.
    Bratko, A., Filipič, B., Cormack, G., Lynam, T., Zupan, B.: Spam filtering using statistical data compression models. JMLR 7, 2673–2698 (2006)zbMATHGoogle Scholar
  4. 4.
    Crammer, K., Singer, Y.: On the learnability and design of output codes for multiclass problems. Machine Learning 47(2), 201–233 (2002)zbMATHCrossRefGoogle Scholar
  5. 5.
    Dalvi, N., Domingos, P., et al.: Adversarial classification. In: Proc. 10th SIGKDD, pp. 99–108. ACM (2004)Google Scholar
  6. 6.
    Fan, R.E., Chang, K.W., Hsieh, C.J., Wang, X.R., Lin, C.J.: LIBLINEAR: A library for large linear classification. JMLR 9, 1871–1874 (2008)zbMATHGoogle Scholar
  7. 7.
    Fumera, G., Pillai, I., Roli, F.: Spam filtering based on the analysis of text information embedded into images. JMLR 7, 2699–2720 (2006)Google Scholar
  8. 8.
    Grünbaum, B.: Convex polytopes, vol. 221. Springer (2003)Google Scholar
  9. 9.
    Keerthi, S., Sundararajan, S., Chang, K., Hsieh, C., Lin, C.: A sequential dual method for large scale multi-class linear svms. In: Proc. 14th SIGKDD, pp. 408–416. ACM (2008)Google Scholar
  10. 10.
    Lowd, D., Meek, C.: Adversarial learning. In: Proc. 11th SIGKDD, pp. 641–647. ACM (2005)Google Scholar
  11. 11.
    Lowd, D., Meek, C.: Good word attacks on statistical spam filters. In: Proc. 2nd Conference on Email and Anti-Spam, pp. 125–132 (2005)Google Scholar
  12. 12.
    Maloof, M.: Machine learning and data mining for computer security: methods and applications. Springer (2006)Google Scholar
  13. 13.
    Nelson, B., Rubinstein, B.I.P., Huang, L., Joseph, A.D., Hon Lau, S., Lee, S., Rao, S., Tran, A., Tygar, J.D.: Near-optimal evasion of convex-inducing classifiers. In: Proc. 13th AISTATS (2010)Google Scholar
  14. 14.
    Rockafellar, R.: Convex analysis, vol. 28. Princeton Univ. Pr. (1997)Google Scholar
  15. 15.
    Santaló, L.: Integral geometry and geometric probability. Cambridge Univ. Pr. (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Han Xiao
    • 1
    • 2
  • Thomas Stibor
    • 2
  • Claudia Eckert
    • 2
  1. 1.CeDoSIA of TUM Graduate SchoolTechnische Universität MünchenGermany
  2. 2.IT SecurityTechnische Universität MünchenGermany

Personalised recommendations