Abstract

Pattern recognition techniques have been widely used in security-sensitive applications to distinguish malicious samples from legitimate ones. However, intelligent attackers often try to have malicious samples misclassified as legitimate at test time, i.e. an evasion attack. Current research shows that traditional Support Vector Machines (SVMs) are vulnerable to evasion attacks because they do not consider the existence of an attacker. In this paper, we propose to increase the robustness of SVMs against evasion attacks by adding randomly generated malicious samples to the training set. The experimental results on spam filtering show that the proposed method can increase the true positive rate of SVMs under evasion attacks without significantly affecting the false positive rate.
