# Data Driven Exploratory Attacks on Black Box Classifiers in Adversarial   Domains

**Authors:** Tegjyot Singh Sethi, Mehmed Kantardzic

arXiv: 1703.07909 · 2018-03-28

## TL;DR

This paper presents a formal framework and empirical analysis demonstrating the vulnerability of black box classifiers to data-driven adversarial attacks, highlighting the need for more secure machine learning systems in cybersecurity.

## Contribution

It introduces the Seed-Explore-Exploit framework for simulating adversarial attacks on classifiers and evaluates its effectiveness across multiple real-world datasets.

## Key findings

- Classifiers are highly vulnerable to data-driven evasion attacks.
- Attacks can be executed without knowledge of classifier specifics.
- The framework effectively simulates realistic adversarial scenarios.

## Abstract

While modern day web applications aim to create impact at the civilization level, they have become vulnerable to adversarial activity, where the next cyber-attack can take any shape and can originate from anywhere. The increasing scale and sophistication of attacks, has prompted the need for a data driven solution, with machine learning forming the core of many cybersecurity systems. Machine learning was not designed with security in mind, and the essential assumption of stationarity, requiring that the training and testing data follow similar distributions, is violated in an adversarial domain. In this paper, an adversary's view point of a classification based system, is presented. Based on a formal adversarial model, the Seed-Explore-Exploit framework is presented, for simulating the generation of data driven and reverse engineering attacks on classifiers. Experimental evaluation, on 10 real world datasets and using the Google Cloud Prediction Platform, demonstrates the innate vulnerability of classifiers and the ease with which evasion can be carried out, without any explicit information about the classifier type, the training data or the application domain. The proposed framework, algorithms and empirical evaluation, serve as a white hat analysis of the vulnerabilities, and aim to foster the development of secure machine learning frameworks.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1703.07909/full.md

## Figures

22 figures with captions in the complete paper: https://tomesphere.com/paper/1703.07909/full.md

## References

51 references — full list in the complete paper: https://tomesphere.com/paper/1703.07909/full.md

---
Source: https://tomesphere.com/paper/1703.07909