# Enhancing Robustness of Machine Learning Systems via Data Transformations

**Authors:** Arjun Nitin Bhagoji, Daniel Cullina, Chawin Sitawarin, Prateek Mittal

arXiv: 1704.02654 · 2017-12-01

## TL;DR

This paper proposes linear data transformations of the classifier's input, specifically PCA dimensionality reduction and anti-whitening, as a defense against evasion attacks on ML classifiers, and shows empirically that they raise the cost of a successful attack across several model types and application domains.

## Contribution

It proposes linear data transformations (PCA dimensionality reduction and anti-whitening) as a defense against evasion attacks, applied at both training and classification time, and evaluates them empirically on multiple real-world datasets.

## Key findings

- Against the best known evasion attacks, a white-box adversary who knows the defense needs roughly twice the resources to succeed.
- Effective across multiple classifiers, including SVMs and deep neural networks.
- Generalizes across application domains, including image classification and human activity classification.

## Abstract

We propose the use of data transformations as a defense against evasion attacks on ML classifiers. We present and investigate strategies for incorporating a variety of data transformations including dimensionality reduction via Principal Component Analysis and data "anti-whitening" to enhance the resilience of machine learning, targeting both the classification and the training phase. We empirically evaluate and demonstrate the feasibility of linear transformations of data as a defense mechanism against evasion attacks using multiple real-world datasets. Our key findings are that the defense is (i) effective against the best known evasion attacks from the literature, resulting in a two-fold increase in the resources required by a white-box adversary with knowledge of the defense for a successful attack, (ii) applicable across a range of ML classifiers, including Support Vector Machines and Deep Neural Networks, and (iii) generalizable to multiple application domains, including image classification and human activity classification.
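The following Python is an added illustration, not code from the paper or its authors, of the mechanics behind the two transformations the abstract names. It assumes `numpy` and uses synthetic data constructed inline: a PCA projection keeps only the `k` highest-variance coordinates, so any perturbation an adversary spends in the discarded directions never reaches the classifier, and a white-box adversary must instead spend budget along retained directions. The `anti_whiten` method follows one reading of anti-whitening (scaling each principal coordinate by its standard deviation, the inverse of whitening, so low-variance directions are attenuated relative to high-variance ones); the paper's exact parameterisation is in the full text, so treat that method as an assumption.

```python
"""PCA projection and anti-whitening as input-side defenses (illustrative).

Synthetic data only, constructed below; assumes numpy is installed.
"""
import numpy as np


def make_data(n=500, d=6, seed=0):
    """Constructed sample: two high-variance latent directions plus small noise."""
    rng = np.random.default_rng(seed)
    # Orthonormal directions in R^6 carrying the "signal" a classifier would use.
    w1 = np.array([1, 1, 0, 0, 0, 0]) / np.sqrt(2)
    w2 = np.array([0, 0, 1, 1, 0, 0]) / np.sqrt(2)
    z = rng.normal(size=(n, 2)) * np.array([3.0, 2.0])  # latent std 3 and 2
    noise = rng.normal(scale=0.1, size=(n, d))           # low-variance residue
    return z[:, [0]] * w1 + z[:, [1]] * w2 + noise


class PCATransform:
    """Fit principal directions on training data; apply them to any input."""

    def __init__(self, X, k):
        self.mean = X.mean(axis=0)
        _, s, vt = np.linalg.svd(X - self.mean, full_matrices=False)
        self.components = vt                       # rows: unit principal directions
        self.std = s / np.sqrt(len(X) - 1)         # data std along each direction
        self.k = k

    def reduce(self, x):
        """PCA defense: project onto the k highest-variance directions only."""
        return (x - self.mean) @ self.components[: self.k].T

    def anti_whiten(self, x):
        """Assumed reading of anti-whitening: rotate into the principal basis and
        scale each coordinate by its std (whitening would divide instead)."""
        return ((x - self.mean) @ self.components.T) * self.std


def perturbation_effect(pca, x0, delta):
    """Norm of the change the classifier sees when input x0 moves by delta,
    under (reduce, anti_whiten). Both maps are affine, so this is the part
    of delta that survives each transformation."""
    seen_reduce = pca.reduce(x0 + delta) - pca.reduce(x0)
    seen_anti = pca.anti_whiten(x0 + delta) - pca.anti_whiten(x0)
    return float(np.linalg.norm(seen_reduce)), float(np.linalg.norm(seen_anti))


def demo(k=2):
    """Compare a unit-norm perturbation spent along a retained direction with
    one spent along a direction the PCA defense discards."""
    X = make_data()
    pca = PCATransform(X, k)
    x0 = X[0]
    retained = pca.components[0]    # top principal direction, unit norm
    discarded = pca.components[k]   # first direction dropped by reduce()
    return {
        "std": [float(s) for s in pca.std],
        "retained_seen": perturbation_effect(pca, x0, retained),
        "discarded_seen": perturbation_effect(pca, x0, discarded),
    }


if __name__ == "__main__":
    result = demo()
    print("std along principal directions:", np.round(result["std"], 3))
    print("unit perturbation along retained direction -> seen as",
          np.round(result["retained_seen"], 3))
    print("unit perturbation along discarded direction -> seen as",
          np.round(result["discarded_seen"], 3))
```

With the projection defense, the discarded-direction perturbation is seen as exactly zero while the retained-direction one passes through at full norm; with the anti-whitening variant, the same two perturbations are scaled by roughly 0.1 and 3 respectively. Either way, an adversary who knows the transform must concentrate budget in high-variance directions, which is the resource increase the paper measures.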

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1704.02654/full.md

## Figures

33 figures with captions in the complete paper: https://tomesphere.com/paper/1704.02654/full.md

## References

55 references — full list in the complete paper: https://tomesphere.com/paper/1704.02654/full.md

---
Source: https://tomesphere.com/paper/1704.02654