DocumentCode
2257087
Title
Apply randomization in KNN to make the adversary harder to attack the classifier
Author
Yu, Hui ; Chan, Patrick P K ; Ng, Wing W Y ; Yeung, Daniel S.
Author_Institution
Machine Learning & Cybern. Res. Center, South China Univ. of Technol., Guangzhou, China
Volume
1
fYear
2010
fDate
11-14 July 2010
Firstpage
179
Lastpage
183
Abstract
Adversarial pattern classification has been proposed in. In adversarial pattern classification, an adversary wants to change the attributes of an instance so that the classifier makes a wrong classification, in order to gain utility. But to disguise an instance, an adversary has to pay a cost. The adversary will never do this if the cost is higher than the utility. Adversarial classification systems include examples such as biometric personal authentication, intrusion detection in computer networks and spam filtering. Several methods have been proposed to tackle the adversarial pattern classification problem using multiple classifiers and randomization methodology. In this paper, we apply the adversarial pattern classification model to the KNN classifier. We assume the existence of an adversary in the KNN classifier and add randomization into the KNN classifier. Experiments to simulate the two-player game between classifier and adversary were performed. Experimental results show that adding randomization could make it harder for the adversary to attack the classifier.
Keywords
learning (artificial intelligence); pattern classification; KNN classifier; adversarial pattern classification; randomization; Accuracy; Classification algorithms; Cybernetics; Data mining; Machine learning; Pattern classification; Presses; Adversarial pattern classification; Attack; KNN; Randomization;
fLanguage
English
Publisher
ieee
Conference_Titel
Machine Learning and Cybernetics (ICMLC), 2010 International Conference on
Conference_Location
Qingdao
Print_ISBN
978-1-4244-6526-2
Type
conf
DOI
10.1109/ICMLC.2010.5581070
Filename
5581070