摘要
在对抗性学习中,攻击者在非法目的的驱使下,通过探索分类器的漏洞并利用漏洞,使得恶意样本逃过分类器的检测。目前,对抗性学习已被广泛应用于计算机网络中的入侵检测、垃圾邮件过滤和生物识别等领域。现有研究者仅把现有的集成方法应用在对抗性分类中,并证明了多分类器比单分类器更鲁棒。然而,在对抗性学习中,攻击者的先验信息对分类器的鲁棒性有较大的影响。基于此,通过在学习过程中模拟不同强度的攻击,并增大错分样本的权重,提出的多强度攻击下的对抗逃避攻击集成学习算法可以在保持多分类器准确性的同时提高鲁棒性。将其与Bagging集成的多分类器进行比较,结果表明所提算法具有更强的鲁棒性。最后,分析了算法的收敛性以及参数对算法的影响。
Driven by the illegal purpose,attackers often exploit the vulnerability of the classifier to make the malicious samples free of detection in adversarial learning.At present,adversarial learning has been widely used in computer network intrusion detection,spam filtering,biometrics identification and other fields.Many researchers only apply the existing ensemble methods in adversarial learning,and prove that multiple classi-fiers are more robust than single classifier.However,priori information about the attacker has a great influence on the robustness of the classifier in adversarial learning.Based on this situation,by simulating different strength of attack in learning process and increasing the weight of the misclassified sample,the robustness of the multiple classifiers can be improved with maintaining the accuracy.The experimental results show that the ensemble algorithm against evasion attack with different strength of attack is more robust than Bagging.Finally,the convergence of the algorithm and the influence of parameter on the algorithm were analyzed.
出处
《计算机科学》
CSCD
北大核心
2018年第1期34-38,46,共6页
Computer Science
基金
国家自然科学基金(61672332
61322211
61432011
U1435212)
教育部新世纪优秀人才支持计划(NCET-12-1031)
山西省教育厅高等学校中青年拔尖创新人才支持计划
山西省"三晋学者"特聘教授资助
关键词
对抗性学习
逃避攻击
多分类器
鲁棒性
Adversarial learning
Evasion attacks
Multiple classifier systems
Robustness
