Title :
Apply randomization in KNN to make the adversary harder to attack the classifier
Author :
Yu, Hui ; Chan, Patrick P K ; Ng, Wing W Y ; Yeung, Daniel S.
Author_Institution :
Machine Learning & Cybern. Res. Center, South China Univ. of Technol., Guangzhou, China
Abstract :
Adversarial pattern classification has been proposed in. In adversarial pattern classification, an adversary wants to change the attributes of an instance to let the classifier make a wrong classification to gain utility. But to disguise an instance, an adversary has to pay a cost. The adversary will never do this if the cost is higher than the utility. Adversarial classification systems include examples such as biometric personal authentication, intrusion detection in computer networks and spam filtering. Several methods have been proposed to tackle the adversarial pattern classification problem using multiple classifiers and randomization methodology. In this paper, we apply the adversarial pattern classification model to the KNN classifier. We assume the existence of an adversary in the KNN classifier and add randomization into the KNN classifier. Experiments to simulate the two-player game between classifier and adversary were performed. Experimental results show that adding randomization could make it harder for the adversary to attack the classifier.
Keywords :
learning (artificial intelligence); pattern classification; KNN classifier; adversarial pattern classification; randomization; Accuracy; Classification algorithms; Cybernetics; Data mining; Machine learning; Pattern classification; Presses; Adversarial pattern classification; Attack; KNN; Randomization;
Conference_Title :
Machine Learning and Cybernetics (ICMLC), 2010 International Conference on
Conference_Location :
Qingdao
Print_ISBN :
978-1-4244-6526-2
DOI :
10.1109/ICMLC.2010.5581070