Countering adversarial evasion in regression analysis
This work addresses security vulnerabilities in regression models for applications like spam filtering and malware detection, representing an incremental extension of existing methods from classification to regression.
The paper tackles the problem of adversarial evasion in regression analysis, where adversaries manipulate data to influence prediction models, by proposing a pessimistic bilevel optimization program that removes assumptions about convexity and uniqueness of the adversary's strategy, achieving improved resilience in regression scenarios.
Adversarial machine learning challenges the assumption that the underlying distribution remains consistent throughout the training and implementation of a prediction model. In particular, adversarial evasion considers scenarios where adversaries adapt their data to influence particular outcomes from established prediction models, such scenarios arise in applications such as spam email filtering, malware detection and fake-image generation, where security methods must be actively updated to keep up with the ever-improving generation of malicious data. Game theoretic models have been shown to be effective at modelling these scenarios and hence training resilient predictors against such adversaries. Recent advancements in the use of pessimistic bilevel optimsiation which remove assumptions about the convexity and uniqueness of the adversary's optimal strategy have proved to be particularly effective at mitigating threats to classifiers due to its ability to capture the antagonistic nature of the adversary. However, this formulation has not yet been adapted to regression scenarios. This article serves to propose a pessimistic bilevel optimisation program for regression scenarios which makes no assumptions on the convexity or uniqueness of the adversary's solutions.