Title: Using domain adaptation in adversarial environment

Authors: Zeinab Khorshidpour; Jafar Tahmoresnezhad; Sattar Hashemi; Ali Hamzeh

Addresses: Department of Computer Science, Engineering, and Information Technology, School of Electrical and Computer Engineering, Shiraz University, Iran (all four authors)

Abstract: Security applications such as malware detection systems are inherently adversarial: an adversary intends to mislead the detection system. This adversarial nature makes security applications different from the classical machine-learning problem. For instance, an adversary (attacker) might violate the data stationarity assumption, which is a common assumption in machine learning techniques. This problem, known as the domain shift problem, arises when training and test data follow different distributions. Previous studies proposed an adversary-aware feature selection algorithm to improve the robustness of learning systems. However, prior studies of domain adaptation techniques, which are fundamental in addressing the domain shift problem, demonstrate that the original feature space may not be directly suitable for correcting this distribution mismatch, because some features may have been distorted by the domain shift. In this paper, we propose an adversarial-aware feature extraction (AFE) model based on a domain adaptation technique in order to address the domain shift problem. The experimental results show that our model effectively improves the robustness of the learning system under attack.

Keywords: machine learning; adversarial environment; adversary; evasion attack; domain shift; domain adaptation.

DOI: 10.1504/IJDMMM.2017.086578

International Journal of Data Mining, Modelling and Management, 2017 Vol.9 No.3, pp.201 - 219

Received: 13 Oct 2016
Accepted: 09 Jan 2017

Published online: 12 Sep 2017