Is Data Clustering in Adversarial Settings Secure?
This addresses a security problem for applications relying on clustering to detect illicit activities, but it is incremental as it builds on existing adversarial attack frameworks.
The paper tackles the problem of clustering algorithms being vulnerable to adversarial attacks in security applications, showing that attackers can significantly poison the clustering process by adding a small percentage of manipulated samples, with experiments on malware and handwritten digits.
Clustering algorithms have been increasingly adopted in security applications to spot dangerous or illicit activities. However, they have not been originally devised to deal with deliberate attack attempts that may aim to subvert the clustering process itself. Whether clustering can be safely adopted in such settings remains thus questionable. In this work we propose a general framework that allows one to identify potential attacks against clustering algorithms, and to evaluate their impact, by making specific assumptions on the adversary's goal, knowledge of the attacked system, and capabilities of manipulating the input data. We show that an attacker may significantly poison the whole clustering process by adding a relatively small percentage of attack samples to the input data, and that some attack samples may be obfuscated to be hidden within some existing clusters. We present a case study on single-linkage hierarchical clustering, and report experiments on clustering of malware samples and handwritten digits.