Causative label flip attack detection with data complexity measures
A causative attack which manipulates training samples to mislead learning is a common attack scenario. Current countermeasures reduce the influence of the attack to a classifier with the loss of generalization ability. Therefore, the collected samples should be analyzed carefully. Most countermeasur...
Published in | International journal of machine learning and cybernetics Vol. 12; no. 1; pp. 103 - 116 |
---|---|
Main Authors | Chan, Patrick P. K.; He, Zhimin; Hu, Xian; Tsang, Eric C. C.; Yeung, Daniel S.; Ng, Wing W. Y. |
Format | Journal Article |
Language | English |
Published | Berlin/Heidelberg Springer Berlin Heidelberg 2021 Springer Nature B.V |
Abstract | A causative attack which manipulates training samples to mislead learning is a common attack scenario. Current countermeasures reduce the influence of the attack to a classifier with the loss of generalization ability. Therefore, the collected samples should be analyzed carefully. Most countermeasures of current causative attack focus on data sanitization and robust classifier design. To our best knowledge, there is no work to determine whether a given dataset is contaminated by a causative attack. In this study, we formulate a causative attack detection as a 2-class classification problem in which a sample represents a dataset quantified by data complexity measures, which describe the geometrical characteristics of data. As geometrical natures of a dataset are changed by a causative attack, we believe data complexity measures provide useful information for causative attack detection. Furthermore, a two-step secure classification model is proposed to demonstrate how the proposed causative attack detection improves the robustness of learning. Either a robust or traditional learning method is used according to the existence of causative attack. Experimental results illustrate that data complexity measures separate untainted datasets from attacked ones clearly, and confirm the promising performance of the proposed methods in terms of accuracy and robustness. The results consistently suggest that data complexity measures provide the crucial information to detect causative attack, and are useful to increase the robustness of learning. |
Author | Hu, Xian Ng, Wing W. Y. He, Zhimin Yeung, Daniel S. Chan, Patrick P. K. Tsang, Eric C. C. |
Author_xml | – sequence: 1 givenname: Patrick P. K. surname: Chan fullname: Chan, Patrick P. K. organization: School of Computer Science and Engineering, South China University of Technology – sequence: 2 givenname: Zhimin surname: He fullname: He, Zhimin email: zhmihe@gmail.com organization: School of Electronic and Information Engineering, Foshan University – sequence: 3 givenname: Xian surname: Hu fullname: Hu, Xian organization: Tencent – sequence: 4 givenname: Eric C. C. surname: Tsang fullname: Tsang, Eric C. C. organization: Faculty of Information Technology, Macau University of Science and Technology – sequence: 5 givenname: Daniel S. surname: Yeung fullname: Yeung, Daniel S. – sequence: 6 givenname: Wing W. Y. surname: Ng fullname: Ng, Wing W. Y. organization: School of Computer Science and Engineering, South China University of Technology |
ContentType | Journal Article |
Copyright | Springer-Verlag GmbH Germany, part of Springer Nature 2020 Springer-Verlag GmbH Germany, part of Springer Nature 2020. |
DOI | 10.1007/s13042-020-01159-7 |
Discipline | Engineering Sciences (General) |
EISSN | 1868-808X |
EndPage | 116 |
ExternalDocumentID | 10_1007_s13042_020_01159_7 |
GrantInformation_xml | – fundername: National Natural Science Foundation of China grantid: 61802061 funderid: http://dx.doi.org/10.13039/501100001809 – fundername: Natural Science Foundation of Guangdong Province grantid: 2018A030313203 – fundername: Fundamental Research Funds for the Central Universities grantid: 2018ZD32 funderid: http://dx.doi.org/10.13039/501100012226 – fundername: Project of Department of Education of Guangdong Province grantid: 2017KQNCX216 |
ISSN | 1868-8071 |
IngestDate | Thu Oct 10 22:03:58 EDT 2024 Thu Sep 12 18:29:35 EDT 2024 Sat Dec 16 12:10:30 EST 2023 |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 1 |
Keywords | Data complexity Label flip attack Causative attack detection Adversarial learning |
Language | English |
PageCount | 14 |
PublicationCentury | 2000 |
PublicationDate | 1-2021 2021-01-00 20210101 |
PublicationDateYYYYMMDD | 2021-01-01 |
PublicationDate_xml | – year: 2021 text: 1-2021 |
PublicationDecade | 2020 |
PublicationPlace | Berlin/Heidelberg |
PublicationPlace_xml | – name: Berlin/Heidelberg – name: Heidelberg |
PublicationTitle | International journal of machine learning and cybernetics |
PublicationTitleAbbrev | Int. J. Mach. Learn. & Cyber |
PublicationYear | 2021 |
Publisher | Springer Berlin Heidelberg Springer Nature B.V |
Publisher_xml | – name: Springer Berlin Heidelberg – name: Springer Nature B.V |
SourceID | proquest crossref springer |
SourceType | Aggregation Database Publisher |
StartPage | 103 |
SubjectTerms | Accuracy Artificial Intelligence Classification Classifiers Complex Systems Complexity Computational Intelligence Control Datasets Engineering Learning Mechatronics Neural networks Original Article Pattern Recognition Robotics Robustness Security systems Support vector machines Systems Biology Taxonomy |
Title | Causative label flip attack detection with data complexity measures |
URI | https://link.springer.com/article/10.1007/s13042-020-01159-7 https://www.proquest.com/docview/2919379725 |
Volume | 12 |