Electrical Engineering and Computer Sciences

COLLEGE OF ENGINEERING

UC Berkeley

The Security of Machine Learning

Marco Barreno, Blaine Alan Nelson, Anthony D. Joseph and Doug Tygar

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2008-43
April 24, 2008

http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-43.pdf

Machine learning has become a fundamental tool for computer security since it can rapidly evolve to changing and complex situations. That adaptability is also a vulnerability: attackers can exploit machine learning systems. We present a taxonomy identifying and analyzing attacks against machine learning systems. We show how these classes influence the costs for the attacker and defender, and we give a formal structure defining their interaction. We use our framework to survey and analyze the literature of attacks against machine learning systems. We also illustrate our taxonomy by showing how it can guide attacks against SpamBayes, a popular statistical spam filter. Finally, we discuss how our taxonomy suggests new lines of defenses.


BibTeX citation:

@techreport{Barreno:EECS-2008-43,
    Author = {Barreno, Marco and Nelson, Blaine Alan and Joseph, Anthony D. and Tygar, Doug},
    Title = {The Security of Machine Learning},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2008},
    Month = {Apr},
    URL = {http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-43.html},
    Number = {UCB/EECS-2008-43},
    Abstract = {Machine learning has become a fundamental tool for computer security since it can rapidly evolve to changing and complex situations.  That adaptability is also a vulnerability: attackers can exploit machine learning systems.  We present a taxonomy identifying and analyzing attacks against machine learning systems.  We show how these classes influence the costs for the attacker and defender, and we give a formal structure defining their interaction.  We use our framework to survey and analyze the literature of attacks against machine learning systems.  We also illustrate our taxonomy by showing how it can guide attacks against SpamBayes, a popular statistical spam filter.  Finally, we discuss how our taxonomy suggests new lines of defenses.}
}

EndNote citation:

%0 Report
%A Barreno, Marco
%A Nelson, Blaine Alan
%A Joseph, Anthony D.
%A Tygar, Doug
%T The Security of Machine Learning
%I EECS Department, University of California, Berkeley
%D 2008
%8 April 24
%@ UCB/EECS-2008-43
%U http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-43.html
%F Barreno:EECS-2008-43