TL;DR
This paper introduces a framework for training classifiers with verified global robustness properties, addressing the challenge of data distribution shifts in security applications like malware detection and spam filtering.
Contribution
It proposes a novel booster-fixer training framework, new notions of global robustness, and a verifier for security classifiers, enabling multiple robustness properties to be satisfied simultaneously.
Findings
Successfully trained classifiers with multiple global robustness properties.
Achieved robustness with minimal performance impact.
Demonstrated on security datasets including Twitter spam detection.
Abstract
Many recent works have proposed methods to train classifiers with local robustness properties, which can provably eliminate classes of evasion attacks for most inputs, but not all inputs. Since data distribution shift is very common in security applications, e.g., often observed for malware detection, local robustness cannot guarantee that the property holds for unseen inputs at the time of deploying the classifier. Therefore, it is more desirable to enforce global robustness properties that hold for all inputs, which is strictly stronger than local robustness. In this paper, we present a framework and tools for training classifiers that satisfy global robustness properties. We define new notions of global robustness that are more suitable for security classifiers. We design a novel booster-fixer training framework to enforce global robustness properties. We structure our classifier…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
