Curie: A method for protecting SVM Classifier from Poisoning Attack

TL;DR

This paper introduces Curie, a lightweight method to defend SVM classifiers against poisoning attacks by identifying and filtering out malicious training data, thereby maintaining classifier integrity.

Contribution

We propose Curie, a novel approach to detect and remove poisoned data points in SVM training datasets to enhance robustness against poisoning attacks.

Findings

Curie effectively filters out poisoned data points.

The method is lightweight and easily integrable.

Experimental results show high accuracy in defending against attacks.

Abstract

Machine learning is used in a number of security related applications such as biometric user authentication, speaker identification etc. A type of causative integrity attack against machine learning called Poisoning attack works by injecting specially crafted data points in the training data so as to increase the false positive rate of the classifier. In the context of the biometric authentication, this means that more intruders will be classified as valid user, and in case of speaker identification system, user A will be classified user B. In this paper, we examine poisoning attack against SVM and introduce - Curie - a method to protect the SVM classifier from the poisoning attack. The basic idea of our method is to identify the poisoned data points injected by the adversary and filter them out. Our method is light weight and can be easily integrated into existing systems. Experimental results show that it works very well in filtering out the poisoned data.