Colloquium Details
Adversarial Machine Learning
| Author: | Daniel Lowd University of Oregon |
|---|---|
| Date: | November 12, 2009 |
| Time: | 15:30 |
| Location: | 220 Deschutes |
| Host: | Andrzej Proskurowski |
Abstract
As classifiers are deployed to detect malicious behavior ranging from spam to terrorism, adversaries modify their behaviors to avoid detection. This makes the very behavior the classifier is trying to detect a function of the classifier itself. Learners that account for concept drift are not sufficient since they do not allow the change in concept to depend on the classifier. As a result, humans must adapt the classifier with each new attack. Ideally, we would like to see classifiers that are resistant to attack and that respond to successful attacks automatically.
In this talk, I argue that the development of such classifiers requires new frameworks combining machine learning and game theory, taking into account the utilities and costs of both the classification system and its adversary. We have recently developed such a framework that allows us to identify weaknesses in classification systems, predict how an adversary could exploit them, and even deploy preemptive defenses against these exploits. Although theoretically motivated, these methods achieve excellent empirical results in realistic email spam filtering domains.
This talk is based on work done with Chris Meek at Microsoft Research and on previous work by Nilesh Dalvi, Pedro Domingos, Mausam, Sumit Sanghai, and Deepak Verma.
Biography
Daniel Lowd is an Assistant Professor in the Department of Computer and Information Science at the University of Oregon. His research covers a range of topics in statistical machine learning, including statistical relational representations, unifying learning and inference, and adversarial machine learning applications (e.g., spam filtering). In 2009, he coauthored book on Markov logic with Pedro Domingos, published by Morgan & Claypool. He is also the recipient of graduate research fellowships from the National Science Foundation and Microsoft Research.