Defending Against Adversarial Machine Learning
The paper addresses the security of machine learning systems against adversarial attacks. Its contribution appears incremental, since it builds on existing defense strategies such as model switching and monitoring of the input distribution.
The paper studies the defense of systems against adversarial machine learning by analyzing an Authorship Attribution System (AAS) that combines random model switching with distribution-change detection. The adversary models the attacked system's input-to-output mapping with three different machine learners (an RBF SVM, a Linear SVM, and a Feedforward Neural Network). The AAS evolves feature masks using accuracy as the fitness measure, and defends itself by identifying anomalous inputs and by randomly switching between feature masks.
Two components are analyzed: an Adversarial System that attacks, and an Authorship Attribution System (AAS) that defends itself against the attacks. A system can be defended against an adversarial machine learner by randomly switching between the models it uses, by detecting and reacting to changes in the distribution of normal inputs, or by other methods. The adversary uses machine learning for system identification: it learns the mapping from the target system's inputs to its outputs. Three types of machine learner are used to model the attacked system: a Radial Basis Function Support Vector Machine, a Linear Support Vector Machine, and a Feedforward Neural Network. The feature masks are evolved with accuracy as the fitness measure. The AAS defends itself in two ways: it identifies inputs that do not match the probability distribution of normal inputs, and it randomly switches between the feature masks used to map inputs to outputs, so that the attacker's queries are answered by a moving target rather than by one fixed model.
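As an added example (not code from the paper or its authors), the following Python sketch puts the two defenses together on constructed data: feature masks evolved by a (1+1) evolutionary search with training accuracy as fitness, a monitor that rejects any input whose per-feature z-score strays from the statistics of normal inputs, and a query interface that answers each surviving query with a randomly chosen mask. A nearest-centroid learner stands in for the paper's SVMs and neural network; the author labels, the four stylometric features, the z-threshold and the pool size are all assumptions made here.

```python
import math
import random
from statistics import mean, pstdev

N_FEATURES = 4

# Constructed stylometric vectors (avg word length, type/token ratio,
# exclamation rate, function-word rate) for three hypothetical authors.
# Feature 2 is deliberately noisy so a mask that keeps only it scores badly.
TRAIN = {
    "author_a": [[5.1, 0.62, 0.05, 0.31], [5.3, 0.60, 0.11, 0.29], [4.9, 0.64, 0.02, 0.33]],
    "author_b": [[4.2, 0.70, 0.10, 0.25], [4.0, 0.72, 0.03, 0.27], [4.3, 0.69, 0.06, 0.24]],
    "author_c": [[6.0, 0.55, 0.04, 0.40], [6.2, 0.53, 0.12, 0.38], [5.9, 0.56, 0.05, 0.41]],
}


def centroids(train, mask):
    """Per-author mean vector over the features the mask keeps."""
    return {lab: [mean(v[i] for v in vecs) if mask[i] else 0.0
                  for i in range(N_FEATURES)] for lab, vecs in train.items()}


def predict_with_mask(x, mask, cents):
    """Nearest-centroid label using only masked-in features (stand-in for SVM/NN)."""
    def dist(c):
        return math.sqrt(sum((x[i] - c[i]) ** 2 for i in range(N_FEATURES) if mask[i]))
    return min(cents, key=lambda lab: dist(cents[lab]))


def accuracy(mask, train):
    """Fitness of a mask: training accuracy of the learner restricted to it."""
    cents = centroids(train, mask)
    hits = total = 0
    for lab, vecs in train.items():
        for v in vecs:
            total += 1
            hits += predict_with_mask(v, mask, cents) == lab
    return hits / total


def evolve_mask(train, rng, generations=30):
    """(1+1) evolution: flip one bit, keep the child if fitness does not drop.
    Accepting equal fitness lets the walk wander across equally good masks,
    which is what gives the defender a diverse pool to switch between."""
    mask = [rng.random() < 0.5 for _ in range(N_FEATURES)]
    if not any(mask):
        mask[0] = True
    best = accuracy(mask, train)
    for _ in range(generations):
        cand = mask[:]
        cand[rng.randrange(N_FEATURES)] ^= True
        if not any(cand):
            continue  # an empty mask cannot classify anything
        fit = accuracy(cand, train)
        if fit >= best:
            mask, best = cand, fit
    return mask


class DistributionMonitor:
    """Flags an input whose z-score on any feature exceeds the threshold,
    relative to normal-input statistics recorded at build time (assumed 3.0)."""
    def __init__(self, normal_inputs, z_threshold=3.0):
        self.mu = [mean(v[i] for v in normal_inputs) for i in range(N_FEATURES)]
        self.sigma = [pstdev(v[i] for v in normal_inputs) or 1e-9 for i in range(N_FEATURES)]
        self.z = z_threshold

    def is_anomalous(self, x):
        return any(abs(x[i] - self.mu[i]) / self.sigma[i] > self.z for i in range(N_FEATURES))


class AuthorshipAttributionSystem:
    def __init__(self, train, masks, monitor, rng):
        self.masks = masks
        self.cents = {tuple(m): centroids(train, m) for m in masks}
        self.monitor = monitor
        self.rng = rng
        self.rejected = 0

    def query(self, x):
        """Refuse off-distribution probes; otherwise answer with a randomly chosen mask."""
        if self.monitor.is_anomalous(x):
            self.rejected += 1
            return None
        mask = self.rng.choice(self.masks)
        return predict_with_mask(x, mask, self.cents[tuple(mask)])


def build_system(seed=7, pool_size=5):
    rng = random.Random(seed)
    masks = [evolve_mask(TRAIN, rng) for _ in range(pool_size)]
    normal = [v for vecs in TRAIN.values() for v in vecs]
    return AuthorshipAttributionSystem(TRAIN, masks, DistributionMonitor(normal), rng)


if __name__ == "__main__":
    aas = build_system()
    print("masks in pool:", aas.masks)
    print("normal query ->", aas.query([5.0, 0.61, 0.05, 0.30]))
    print("probe query  ->", aas.query([12.0, 0.61, 0.05, 0.30]), "rejected:", aas.rejected)
```

Two points the code makes that the summary alone does not: the pool only helps if its members are genuinely different yet equally accurate, which is why the evolutionary step accepts ties; and the distribution monitor is what stops an attacker from sweeping extreme feature values to map the decision boundary, since such probes never reach a model at all.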