Open Access
ARTICLE
Defense Against Poisoning Attack via Evaluating Training Samples Using Multiple Spectral Clustering Aggregation Method
College of Computer, National University of Defense Technology, Changsha, 410073, China.
Faculty of Engineering and Information Technology, University of Technology Sydney, 2007, Australia.
* Corresponding Author: Pan Li. Email: .
Computers, Materials & Continua 2019, 59(3), 817-832. https://doi.org/10.32604/cmc.2019.05957
Abstract
The defense techniques for machine learning are critical yet challenging due to the number and type of attacks for widely applied machine learning algorithms are significantly increasing. Among these attacks, the poisoning attack, which disturbs machine learning algorithms by injecting poisoning samples, is an attack with the greatest threat. In this paper, we focus on analyzing the characteristics of positioning samples and propose a novel sample evaluation method to defend against the poisoning attack catering for the characteristics of poisoning samples. To capture the intrinsic data characteristics from heterogeneous aspects, we first evaluate training data by multiple criteria, each of which is reformulated from a spectral clustering. Then, we integrate the multiple evaluation scores generated by the multiple criteria through the proposed multiple spectral clustering aggregation (MSCA) method. Finally, we use the unified score as the indicator of poisoning attack samples. Experimental results on intrusion detection data sets show that MSCA significantly outperforms the K-means outlier detection in terms of data legality evaluation and poisoning attack detection.Keywords
Cite This Article
Citations
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.