Adversarial label flips attack on support vector machines

Han Xiao; Huang Xiao; Claudia Eckert

doi:10.3233/978-1-61499-098-7-870

Adversarial label flips attack on support vector machines

Han Xiao, Huang Xiao, Claudia Eckert

Informatics 20 - Chair of IT Security

Technical University of Munich

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

176 Scopus citations

Abstract

To develop a robust classification algorithm in the adversarial setting, it is important to understand the adversary's strategy. We address the problem of label flips attack where an adversary contaminates the training set through flipping labels. By analyzing the objective of the adversary, we formulate an optimization framework for finding the label flips that maximize the classification error. An algorithm for attacking support vector machines is derived. Experiments demonstrate that the accuracy of classifiers is significantly degraded under the attack.

Original language	English
Title of host publication	ECAI 2012 - 20th European Conference on Artificial Intelligence, 27-31 August 2012, Montpellier, France - Including Prestigious Applications of Artificial Intelligence (PAIS-2012) System Demonstration
Publisher	IOS Press BV
Pages	870-875
Number of pages	6
ISBN (Print)	9781614990970
DOIs	https://doi.org/10.3233/978-1-61499-098-7-870
State	Published - 2012
Event	20th European Conference on Artificial Intelligence, ECAI 2012 - Montpellier, France Duration: 27 Aug 2012 → 31 Aug 2012

Publication series

Name	Frontiers in Artificial Intelligence and Applications
Volume	242
ISSN (Print)	0922-6389
ISSN (Electronic)	1879-8314

Conference

Conference	20th European Conference on Artificial Intelligence, ECAI 2012
Country/Territory	France
City	Montpellier
Period	27/08/12 → 31/08/12

Access to Document

10.3233/978-1-61499-098-7-870

Cite this

Xiao, H., Xiao, H., & Eckert, C. (2012). Adversarial label flips attack on support vector machines. In ECAI 2012 - 20th European Conference on Artificial Intelligence, 27-31 August 2012, Montpellier, France - Including Prestigious Applications of Artificial Intelligence (PAIS-2012) System Demonstration (pp. 870-875). (Frontiers in Artificial Intelligence and Applications; Vol. 242). IOS Press BV. https://doi.org/10.3233/978-1-61499-098-7-870

Xiao, Han ; Xiao, Huang ; Eckert, Claudia. / Adversarial label flips attack on support vector machines. ECAI 2012 - 20th European Conference on Artificial Intelligence, 27-31 August 2012, Montpellier, France - Including Prestigious Applications of Artificial Intelligence (PAIS-2012) System Demonstration. IOS Press BV, 2012. pp. 870-875 (Frontiers in Artificial Intelligence and Applications).

@inproceedings{2de16f8eb29e4273b5adf9c4591e17ec,

title = "Adversarial label flips attack on support vector machines",

abstract = "To develop a robust classification algorithm in the adversarial setting, it is important to understand the adversary's strategy. We address the problem of label flips attack where an adversary contaminates the training set through flipping labels. By analyzing the objective of the adversary, we formulate an optimization framework for finding the label flips that maximize the classification error. An algorithm for attacking support vector machines is derived. Experiments demonstrate that the accuracy of classifiers is significantly degraded under the attack.",

author = "Han Xiao and Huang Xiao and Claudia Eckert",

year = "2012",

doi = "10.3233/978-1-61499-098-7-870",

language = "English",

isbn = "9781614990970",

series = "Frontiers in Artificial Intelligence and Applications",

publisher = "IOS Press BV",

pages = "870--875",

booktitle = "ECAI 2012 - 20th European Conference on Artificial Intelligence, 27-31 August 2012, Montpellier, France - Including Prestigious Applications of Artificial Intelligence (PAIS-2012) System Demonstration",

note = "20th European Conference on Artificial Intelligence, ECAI 2012 ; Conference date: 27-08-2012 Through 31-08-2012",

}

Xiao, H, Xiao, H & Eckert, C 2012, Adversarial label flips attack on support vector machines. in ECAI 2012 - 20th European Conference on Artificial Intelligence, 27-31 August 2012, Montpellier, France - Including Prestigious Applications of Artificial Intelligence (PAIS-2012) System Demonstration. Frontiers in Artificial Intelligence and Applications, vol. 242, IOS Press BV, pp. 870-875, 20th European Conference on Artificial Intelligence, ECAI 2012, Montpellier, France, 27/08/12. https://doi.org/10.3233/978-1-61499-098-7-870

Adversarial label flips attack on support vector machines. / Xiao, Han; Xiao, Huang; Eckert, Claudia.
ECAI 2012 - 20th European Conference on Artificial Intelligence, 27-31 August 2012, Montpellier, France - Including Prestigious Applications of Artificial Intelligence (PAIS-2012) System Demonstration. IOS Press BV, 2012. p. 870-875 (Frontiers in Artificial Intelligence and Applications; Vol. 242).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Adversarial label flips attack on support vector machines

AU - Xiao, Han

AU - Xiao, Huang

AU - Eckert, Claudia

PY - 2012

Y1 - 2012

N2 - To develop a robust classification algorithm in the adversarial setting, it is important to understand the adversary's strategy. We address the problem of label flips attack where an adversary contaminates the training set through flipping labels. By analyzing the objective of the adversary, we formulate an optimization framework for finding the label flips that maximize the classification error. An algorithm for attacking support vector machines is derived. Experiments demonstrate that the accuracy of classifiers is significantly degraded under the attack.

AB - To develop a robust classification algorithm in the adversarial setting, it is important to understand the adversary's strategy. We address the problem of label flips attack where an adversary contaminates the training set through flipping labels. By analyzing the objective of the adversary, we formulate an optimization framework for finding the label flips that maximize the classification error. An algorithm for attacking support vector machines is derived. Experiments demonstrate that the accuracy of classifiers is significantly degraded under the attack.

UR - http://www.scopus.com/inward/record.url?scp=84878781560&partnerID=8YFLogxK

U2 - 10.3233/978-1-61499-098-7-870

DO - 10.3233/978-1-61499-098-7-870

M3 - Conference contribution

AN - SCOPUS:84878781560

SN - 9781614990970

T3 - Frontiers in Artificial Intelligence and Applications

SP - 870

EP - 875

BT - ECAI 2012 - 20th European Conference on Artificial Intelligence, 27-31 August 2012, Montpellier, France - Including Prestigious Applications of Artificial Intelligence (PAIS-2012) System Demonstration

PB - IOS Press BV

T2 - 20th European Conference on Artificial Intelligence, ECAI 2012

Y2 - 27 August 2012 through 31 August 2012

ER -

Xiao H, Xiao H, Eckert C. Adversarial label flips attack on support vector machines. In ECAI 2012 - 20th European Conference on Artificial Intelligence, 27-31 August 2012, Montpellier, France - Including Prestigious Applications of Artificial Intelligence (PAIS-2012) System Demonstration. IOS Press BV. 2012. p. 870-875. (Frontiers in Artificial Intelligence and Applications). doi: 10.3233/978-1-61499-098-7-870

Adversarial label flips attack on support vector machines

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this