<!doctype html>
<html class="no-js" lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>
Note for "Thesis - Behavior of Machine Learning Algorithms in Adversarial Environments.pdf"(1) - 雪地
</title>
<link href="atom.xml" rel="alternate" title="雪地" type="application/atom+xml">
<link rel="stylesheet" href="asset/css/foundation.min.css" />
<link rel="stylesheet" href="asset/css/docs.css" />
<link rel="icon" href="asset/img/favicon.ico" />
<script src="asset/js/vendor/modernizr.js"></script>
<script src="asset/js/vendor/jquery.js"></script>
<script src="asset/highlightjs/highlight.pack.js"></script>
<link href="asset/highlightjs/styles/github.css" media="screen, projection" rel="stylesheet" type="text/css">
<script>hljs.initHighlightingOnLoad();</script>
<script type="text/javascript">
function before_search(){
var searchVal = 'site:yinzo.github.io ' + document.getElementById('search_input').value;
document.getElementById('search_q').value = searchVal;
return true;
}
</script>
</head>
<body class="antialiased hide-extras">
<div class="marketing off-canvas-wrap" data-offcanvas>
<div class="inner-wrap">
<nav class="top-bar docs-bar hide-for-small" data-topbar>
<section class="top-bar-section">
<div class="row">
<div style="position: relative;width:100%;"><div style="position: absolute; width:100%;">
<ul id="main-menu" class="left">
<li id="menu_item_index"><a href="index.html">Blog</a></li>
<li id="menu_item_archives"><a href="archives.html">Archives</a></li>
<li id="menu_item_about"><a href="http://yinz.xyz/">Home</a></li>
</ul>
<ul class="right" id="search-wrap">
<li>
<form target="_blank" onsubmit="return before_search();" action="http://google.com/search" method="get">
<input type="hidden" id="search_q" name="q" value="" />
<input tabindex="1" type="search" id="search_input" placeholder="Search"/>
</form>
</li>
</ul>
</div></div>
</div>
</section>
</nav>
<nav class="tab-bar show-for-small">
<a href="javascript:void(0)" class="left-off-canvas-toggle menu-icon">
<span> 雪地</span>
</a>
</nav>
<aside class="left-off-canvas-menu">
<ul class="off-canvas-list">
<li><a href="index.html">Blog</a></li>
<li><a href="archives.html">Archives</a></li>
<li><a href="http://yinz.xyz/">Home</a></li>
<li><label>Categories</label></li>
<li><a href="Security%20Info.html">Security Info</a></li>
<li><a href="Adversary%20Learning.html">Adversary Learning</a></li>
<li><a href="TCPIP.html">TCP/IP</a></li>
<li><a href="Pattern%20Recognition.html">Pattern Recognition</a></li>
<li><a href="Python.html">Python</a></li>
<li><a href="OS.html">OS</a></li>
<li><a href="Deep%20Learning.html">Deep Learning</a></li>
<li><a href="Machine%20Learning.html">Machine Learning</a></li>
</ul>
</aside>
<a class="exit-off-canvas" href="#"></a>
<section id="main-content" role="main" class="scroll-container">
<script type="text/javascript">
$(function(){
$('#menu_item_index').addClass('is_active');
});
</script>
<div class="row">
<div class="large-8 medium-8 columns">
<div class="markdown-body article-wrap">
<div class="article">
<h1>Note for "Thesis - Behavior of Machine Learning Algorithms in Adversarial Environments.pdf"(1)</h1>
<div class="read-more clearfix">
<span class="date">2016/2/4 16:55 PM</span>
<span>posted in </span>
<span class="posted-in"><a href='Adversary%20Learning.html'>Adversary Learning</a></span>
<span class="comments">
</span>
</div>
</div><!-- article -->
<div class="article-content">
<h2 id="toc_0">1.1 Motivation and Methodology</h2>
<h4 id="toc_1">A learning approach is well-suited to a scenario when:</h4>
<ol>
<li>The process is too complex for a human operator to design by hand</li>
<li>The system is required to develop dynamically</li>
</ol>
<span id="more"></span><!-- more -->
<h4 id="toc_2">An intelligent adversary can:</h4>
<ul>
<li>Alter his approach based on knowledge of the learner’s shortcomings</li>
<li>Mislead it by cleverly crafting data to corrupt the learning process</li>
<li>Deceive the learning process</li>
</ul>
<h4 id="toc_3">Potential dangers posed to a learning system:</h4>
<ul>
<li>An attacker can exploit the nature of a machine learning system to mis-train it and cause it to fail</li>
</ul>
<h4 id="toc_4">The questions raised by the author:</h4>
<ul>
<li>What techniques can a patient adversary use to mis-train or evade a learning system?</li>
<li>How can system designers assess the vulnerability of their system to vigilantly incorporate trustworthy learning methods?</li>
</ul>
<h4 id="toc_5">An algorithm’s performance depends on:</h4>
<ul>
<li>The constraints placed on the adversary</li>
<li>The job the algorithm is tasked with performing</li>
</ul>
<p>This raises two fundamental questions:</p>
<ul>
<li>How can we evaluate a learner’s performance in an adversarial environment?</li>
<li>How can we design or select a learner whose performance is satisfactory in a particular environment?</li>
</ul>
<h3 id="toc_6">Example 1.1</h3>
<h4 id="toc_7">How a spammer corrupts the learning mechanism:</h4>
<ol>
<li>Uses information about the email distribution to construct cleverly crafted attack spam messages</li>
<li>Causes the spam filter to misclassify the user’s desired messages as spam</li>
<li>Causes the filter to become extremely unreliable</li>
</ol>
<h3 id="toc_8">Example 1.2</h3>
<h4 id="toc_9">ANTIDOTE’s features:</h4>
<ul>
<li>Better resistance in a poisoned environment</li>
<li>But less effective in a non-poisoned environment</li>
</ul>
<h3 id="toc_10">Example 1.3</h3>
<h4 id="toc_11">The means to evade the filter:</h4>
<ul>
<li>obfuscating words indicative of spam into human-recognizable misspellings; e.g., “Viagra” to “V1@gra” or “Cialis” to “Gia|is”</li>
<li>using clever HTML to make the content difficult to parse</li>
<li>adding words or text from other sources unrelated to the spam</li>
<li>embedding images that contain the spam message.</li>
</ul>
<h2 id="toc_12">1.2 Guidelines from Computer Security</h2>
<h4 id="toc_13">Author’s principles:</h4>
<ul>
<li>Proactive Analysis</li>
<li>Kerckhoffs’ Principle</li>
<li>Conservative Design</li>
<li>Threat Modeling</li>
</ul>
<h3 id="toc_14">Proactive Analysis:</h3>
<p>Proactively find the vulnerabilities of the learning system before it is deployed or widely used.</p>
<h3 id="toc_15">Kerckhoffs' Principle:</h3>
<p>Do not let a system’s security rely on secrets. If the secrets are exposed, the system is immediately compromised.</p>
<p>Applying this principle to machine learning, we should assume the adversary is aware of the learning algorithm and can obtain some of the data used to train the model.</p>
<h3 id="toc_16">Conservative Design:</h3>
<p>When assessing the security of a system, we should avoid placing limits on the adversary’s behavior. We should assume that the adversary has the broadest possible powers.</p>
<p>Conversely, assuming an overly powerful adversary may lead to an inappropriate assessment of the system.</p>
<h3 id="toc_17">Threat Modeling:</h3>
<p>A completely secure system is infeasible. So the author qualifies systems with a <em>degree of security</em>: the level of security expected against an adversary, based on a <em>threat model</em> with a certain set of:</p>
<ul>
<li>objectives </li>
<li>capabilities</li>
<li>incentives</li>
</ul>
<h4 id="toc_18">To construct a threat model for a particular learning system:</h4>
<ol>
<li>Quantify the security setting and objectives of that system, developing criteria to measure success and to quantify the level of security offered.</li>
<li>Formalize the risks and objectives, to identify potential limitations of the system and potential attacks.</li>
<li>Identify potential adversarial goals, resources and limitations.</li>
</ol>
<h4 id="toc_19">To evaluate a system:</h4>
<ol>
<li>Determine the classes of attacks on the system.</li>
<li>Evaluate the resilience of the system against those attacks.</li>
<li>Strengthen the system against those classes of attacks.</li>
</ol>
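<p>The spam-filter scenario of Example 1.1, carried through the three evaluation steps above, as an added example (not code from the thesis or from this note): a toy naive Bayes filter is trained on constructed messages, its false-positive rate on held-out legitimate mail is measured before and after a spammer who knows the user's word distribution (the Kerckhoffs assumption) submits training spam built from those words, and a reject-on-negative-impact check is applied as the strengthening step. The message data, the <code>accept_training_spam</code> helper and the use of a small trusted ham set as the check's yardstick are all assumptions of this example, not something the page describes.</p>

```python
from collections import Counter
import math

# Constructed sample data (not from the thesis): bags of words for legitimate
# mail (ham), spam, and held-out ham used to measure false positives.
HAM = [["meeting", "budget", "report", "tomorrow"],
       ["lunch", "report", "budget", "review"],
       ["project", "meeting", "deadline", "review"]]
SPAM = [["cheap", "pills", "offer", "click"],
        ["free", "offer", "click", "now"],
        ["pills", "cheap", "free", "now"]]
HAM_TEST = [["budget", "report", "meeting"], ["review", "deadline", "lunch"]]
# Example 1.1: a spammer who knows the user's email distribution submits
# "spam" made of the user's own common words so the filter learns them as spammy.
POISON = [["meeting", "budget", "report", "review", "deadline", "lunch"]] * 5

def train(ham, spam):
    """Multinomial naive Bayes with add-one smoothing over a shared vocabulary."""
    vocab = {w for m in ham + spam for w in m}
    def log_probs(msgs):
        c = Counter(w for m in msgs for w in m)
        total = sum(c.values()) + len(vocab)
        return {w: math.log((c[w] + 1) / total) for w in vocab}
    return {"ham": log_probs(ham), "spam": log_probs(spam), "vocab": vocab,
            "prior": math.log(len(spam) / len(ham))}  # log P(spam)/P(ham)

def is_spam(model, msg):
    """Classify by log-odds; words outside the training vocabulary are ignored."""
    score = model["prior"]
    for w in msg:
        if w in model["vocab"]:
            score += model["spam"][w] - model["ham"][w]
    return score > 0

def false_positive_rate(model, ham_msgs):
    """Fraction of legitimate messages the filter wrongly flags as spam."""
    return sum(is_spam(model, m) for m in ham_msgs) / len(ham_msgs)

def accept_training_spam(ham, spam, candidates, trusted_ham):
    """Reject-on-negative-impact (assumed mitigation): admit a candidate training
    message only if retraining with it does not raise the false-positive rate
    on a small set of trusted legitimate mail."""
    accepted = list(spam)
    for cand in candidates:
        before = false_positive_rate(train(ham, accepted), trusted_ham)
        after = false_positive_rate(train(ham, accepted + [cand]), trusted_ham)
        if after <= before:
            accepted.append(cand)
    return accepted
```

<p>With the constructed data the clean filter rejects none of the held-out ham, the poisoned one rejects all of it, and the check lets exactly one poison message through before the false-positive rate would move; poison spread over many individually low-impact messages is the case such a check does not cover.</p>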
<h2 id="toc_20">1.3 Historical Roadmap</h2>
<p>Some of the author's experiences while developing this thesis; they seem irrelevant to the main line of the work.</p>
<h2 id="toc_21">1.4 Dissertation Organization</h2>
<p>As the title suggests, no useful information.</p>
</div>
<div class="row">
<div class="large-6 columns">
<p class="text-left" style="padding:15px 0px;">
<a href="14569378376035.html"
title="Previous Post: Notes for Neural Network">« Notes for Neural Network</a>
</p>
</div>
<div class="large-6 columns">
<p class="text-right" style="padding:15px 0px;">
<a href="14540640657446.html"
title="Next Post: Encapsulation and Protocol Layering">Encapsulation and Protocol Layering »</a>
</p>
</div>
</div>
<div class="comments-wrap">
<div class="share-comments">
<div id="disqus_thread"></div>
<script>
/**
* RECOMMENDED CONFIGURATION VARIABLES: EDIT AND UNCOMMENT THE SECTION BELOW TO INSERT DYNAMIC VALUES FROM YOUR PLATFORM OR CMS.
* LEARN WHY DEFINING THESE VARIABLES IS IMPORTANT: https://disqus.com/admin/universalcode/#configuration-variables
*/
/*
var disqus_config = function () {
this.page.url = PAGE_URL; // Replace PAGE_URL with your page's canonical URL variable
this.page.identifier = PAGE_IDENTIFIER; // Replace PAGE_IDENTIFIER with your page's unique identifier variable
};
*/
(function() { // DON'T EDIT BELOW THIS LINE
var d = document, s = d.createElement('script');
s.src = '//yinzo.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript" rel="nofollow">comments powered by Disqus.</a></noscript>
</div>
</div>
</div><!-- article-wrap -->
</div><!-- large 8 -->
<div class="large-4 medium-4 columns">
<div class="hide-for-small">
<div id="sidebar" class="sidebar">
<div id="site-info" class="site-info">
<div class="site-a-logo"><img src="asset/img/3.png" /></div>
<h1>雪地</h1>
<div class="site-des"></div>
<div class="social">
<a class="github" target="_blank" href="https://github.com/Yinzo" title="GitHub">GitHub</a>
<a class="email" href="mailto:yinz995-1@yahoo.com" title="Email">Email</a>
<a class="rss" href="atom.xml" title="RSS">RSS</a>
</div>
</div>
<div id="site-categories" class="side-item ">
<div class="side-header">
<h2>Categories</h2>
</div>
<div class="side-content">
<p class="cat-list">
<a href="Security%20Info.html"><strong>Security Info</strong></a>
<a href="Adversary%20Learning.html"><strong>Adversary Learning</strong></a>
<a href="TCPIP.html"><strong>TCP/IP</strong></a>
<a href="Pattern%20Recognition.html"><strong>Pattern Recognition</strong></a>
<a href="Python.html"><strong>Python</strong></a>
<a href="OS.html"><strong>OS</strong></a>
<a href="Deep%20Learning.html"><strong>Deep Learning</strong></a>
<a href="Machine%20Learning.html"><strong>Machine Learning</strong></a>
</p>
</div>
</div>
<div id="site-categories" class="side-item">
<div class="side-header">
<h2>Recent Posts</h2>
</div>
<div class="side-content">
<ul class="posts-list">
<li class="post">
<a href="14968173531750.html">CS229 Study Notes Part 3</a>
</li>
<li class="post">
<a href="14965964854250.html">CS229 Study Notes Part 2</a>
</li>
<li class="post">
<a href="14946020792948.html">CS229 Study Notes Part 1</a>
</li>
<li class="post">
<a href="14883590547961.html">Notes on Original Model Optimization</a>
</li>
<li class="post">
<a href="14863637393852.html">A CNN Implementation of a Low-Quality Danmaku Classifier</a>
</li>
</ul>
</div>
</div>
<div id="site-link" class="side-item">
<div class="side-header">
<h2>Link</h2>
</div>
<div class="side-content">
<p class="link-list">
<a href="http://blog.winkidney.com/">阿毛</a>
</p>
</div>
</div>
</div><!-- sidebar -->
</div><!-- hide for small -->
</div><!-- large 4 -->
</div><!-- row -->
<div class="page-bottom clearfix">
<div class="row">
<p class="copyright">Copyright © 2016
Powered by <a target="_blank" href="http://www.mweb.im">MWeb</a>,
Theme used <a target="_blank" href="http://github.com">GitHub CSS</a>.
Modified by <a target="_blank" href="http://yinz.xyz">Yinzo</a>.</p>
</div>
</div>
</section>
</div>
</div>
<script src="asset/js/foundation.min.js"></script>
<script>
$(document).foundation();
function fixSidebarHeight(){
var w1 = $('.markdown-body').height();
var w2 = $('#sidebar').height();
if (w1 > w2) { $('#sidebar').height(w1); };
}
$(function(){
fixSidebarHeight();
})
$(window).load(function(){
fixSidebarHeight();
});
</script>
<script src="asset/chart/all-min.js"></script><script type="text/javascript">$(function(){ var mwebii=0; var mwebChartEleId = 'mweb-chart-ele-'; $('pre>code').each(function(){ mwebii++; var eleiid = mwebChartEleId+mwebii; if($(this).hasClass('language-sequence')){ var ele = $(this).addClass('nohighlight').parent(); $('<div id="'+eleiid+'"></div>').insertAfter(ele); ele.hide(); var diagram = Diagram.parse($(this).text()); diagram.drawSVG(eleiid,{theme: 'simple'}); }else if($(this).hasClass('language-flow')){ var ele = $(this).addClass('nohighlight').parent(); $('<div id="'+eleiid+'"></div>').insertAfter(ele); ele.hide(); var diagram = flowchart.parse($(this).text()); diagram.drawSVG(eleiid); } });});</script>
<script type="text/javascript" src="https://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script><script type="text/x-mathjax-config">MathJax.Hub.Config({TeX: { equationNumbers: { autoNumber: "AMS" } }});</script>
<script src="asset/js/instantclick.min.js" data-no-instant></script>
<script data-no-instant>InstantClick.on('change', function() {
MathJax.Hub.Queue(["Typeset",MathJax.Hub]);
});</script>
<script data-no-instant>InstantClick.init();</script>
</body>
</html>