Time: Thursday 23-May-2019 22:30 (This is a past event.)
Motivation / Abstract
Classifiers are often used to detect malicious activities in adversarial environments. Sophisticated adversaries would attempt to find information about deployed classifiers in order to strategies different evasion techniques. It is a widely held belief that randomization of decision boundaries/rules of detection systems would introduce further complexities in attempts made by the adversaries for finding minimal adversarial cost (MAC) evading instances. We have extended the results obtained by Nelson et al.  and further presented a novel algorithm that can find optimal evading instances in randomized convex-inducing classifiers using polynomial-many queries. Our results have demonstrated that the complexity introduced through randomization only increases the complexity of finding an optimal evading instance by a constant factor and thus the risk of optimal evasion is still present.