Marco Barreno, Blaine Alan Nelson, Anthony D. Joseph and Doug Tygar

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2008-43

April 24, 2008

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-43.pdf

Machine learning has become a fundamental tool for computer security since it can rapidly evolve to changing and complex situations. That adaptability is also a vulnerability: attackers can exploit machine learning systems. We present a taxonomy identifying and analyzing attacks against machine learning systems. We show how these classes influence the costs for the attacker and defender, and we give a formal structure defining their interaction. We use our framework to survey and analyze the literature of attacks against machine learning systems. We also illustrate our taxonomy by showing how it can guide attacks against SpamBayes, a popular statistical spam filter. Finally, we discuss how our taxonomy suggests new lines of defenses.


BibTeX citation:

@techreport{Barreno:EECS-2008-43,
    Author= {Barreno, Marco and Nelson, Blaine Alan and Joseph, Anthony D. and Tygar, Doug},
    Title= {The Security of Machine Learning},
    Year= {2008},
    Month= {Apr},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-43.html},
    Number= {UCB/EECS-2008-43},
    Abstract= {Machine learning has become a fundamental tool for computer security since it can rapidly evolve to changing and complex situations.  That adaptability is also a vulnerability: attackers can exploit machine learning systems.  We present a taxonomy identifying and analyzing attacks against machine learning systems.  We show how these classes influence the costs for the attacker and defender, and we give a formal structure defining their interaction.  We use our framework to survey and analyze the literature of attacks against machine learning systems.  We also illustrate our taxonomy by showing how it can guide attacks against SpamBayes, a popular statistical spam filter.  Finally, we discuss how our taxonomy suggests new lines of defenses.},
}

EndNote citation:

%0 Report
%A Barreno, Marco 
%A Nelson, Blaine Alan 
%A Joseph, Anthony D. 
%A Tygar, Doug 
%T The Security of Machine Learning
%I EECS Department, University of California, Berkeley
%D 2008
%8 April 24
%@ UCB/EECS-2008-43
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-43.html
%F Barreno:EECS-2008-43