On Security and Sparsity of Linear Classifiers for Adversarial Settings
This addresses the problem of securing linear classifiers against adversarial attacks for embedded and mobile systems, representing an incremental advancement in robust optimization.
The paper tackles the vulnerability of linear classifiers to adversarial evasion attacks in security applications like spam and malware detection, proposing a novel octagonal regularizer that empirically improves both security and sparsity, with concrete gains demonstrated in real-world examples.
Machine-learning techniques are widely used in security-related applications, like spam and malware detection. However, in such settings, they have been shown to be vulnerable to adversarial attacks, including the deliberate manipulation of data at test time to evade detection. In this work, we focus on the vulnerability of linear classifiers to evasion attacks. This can be considered a relevant problem, as linear classifiers have been increasingly used in embedded systems and mobile devices for their low processing time and memory requirements. We exploit recent findings in robust optimization to investigate the link between regularization and security of linear classifiers, depending on the type of attack. We also analyze the relationship between the sparsity of feature weights, which is desirable for reducing processing cost, and the security of linear classifiers. We further propose a novel octagonal regularizer that allows us to achieve a proper trade-off between them. Finally, we empirically show how this regularizer can improve classifier security and sparsity in real-world application examples including spam and malware detection.