What is Adversarial Learning?

Adversarial learning is a novel research field that lies at the intersection of machine learning and computer security. It aims at enabling the safe adoption of machine learning techniques in adversarial settings such as spam filtering, computer security, and biometric recognition.

The problem is motivated by the fact that machine learning techniques were not originally designed to cope with intelligent and adaptive adversaries; thus, in principle, the security of the whole system may be compromised by exploiting specific vulnerabilities of the learning algorithms through a careful manipulation of the input data.

Accordingly, to improve the security of learning algorithms, the field of adversarial learning addresses the following main open issues:

  1. identifying potential vulnerabilities of machine learning algorithms during learning and classification;
  2. devising the corresponding attacks and evaluating their impact on the attacked system;
  3. proposing countermeasures to improve the security of machine learning algorithms against the considered attacks.

Our work in adversarial learning attempts to cover all of the aforementioned issues. We did a significant amount of work on the security evaluation of pattern classifiers, and on the development of attacks staged either at training (poisoning) or test time (evasion), together with the proposal of suitable countermeasures.
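The three issues listed above (finding a vulnerability, staging the attack, proposing a countermeasure) and the evasion setting mentioned here can be made concrete with a small added example; this is illustrative code written for this page, not code from the original page or its authors. It trains a nearest-centroid linear classifier on constructed two-dimensional data, models an attacker who may shift each feature of a malicious sample by at most eps (an L-infinity budget), plots the resulting security evaluation curve (accuracy versus attacker budget), and applies one round of adversarial training as the countermeasure. The data, the classifier, the attacker model and all function names are assumptions made for the example.

```python
# Constructed toy data (not from any real system): a 4x4 grid of 'malicious'
# points (label +1) and their mirror images as 'legitimate' points (label -1).
GRID = [0.6, 0.9, 1.2, 1.5]
X = [[u, v] for u in GRID for v in GRID] + [[-u, -v] for u in GRID for v in GRID]
Y = [1] * 16 + [-1] * 16
BUDGETS = [0.0, 0.5, 1.0, 1.3]  # attacker strength: L-inf radius per feature

def train_centroid(X, y):
    """Nearest-centroid linear classifier: w = mu_plus - mu_minus, boundary
    halfway between the class means; decision score is w.x + b."""
    pos = [x for x, t in zip(X, y) if t == 1]
    neg = [x for x, t in zip(X, y) if t == -1]
    mu_p = [sum(x[i] for x in pos) / len(pos) for i in range(2)]
    mu_n = [sum(x[i] for x in neg) / len(neg) for i in range(2)]
    w = [mu_p[i] - mu_n[i] for i in range(2)]
    b = -sum(w[i] * (mu_p[i] + mu_n[i]) for i in range(2)) / 2
    return w, b

def predict(w, b, x):
    return 1 if w[0] * x[0] + w[1] * x[1] + b > 0 else -1

def evade(x, w, eps):
    """Attacker model: each feature may move by at most eps. Against a linear
    classifier the worst case shifts every feature against the sign of its
    weight, lowering the malicious score as far as the budget allows."""
    return [xi - eps * ((wi > 0) - (wi < 0)) for xi, wi in zip(x, w)]

def security_evaluation(w, b, X, y, budgets):
    """Accuracy versus attacker budget (the security evaluation curve). Only
    malicious samples are perturbed: the attacker controls its own inputs."""
    curve = []
    for eps in budgets:
        hits = sum(predict(w, b, evade(x, w, eps) if t == 1 else x) == t
                   for x, t in zip(X, y))
        curve.append(hits / len(X))
    return curve

def adversarial_training(X, y, eps):
    """Countermeasure: retrain after moving each malicious training sample to
    its worst case under the current model (one round of adversarial training)."""
    w, _ = train_centroid(X, y)
    X_adv = [evade(x, w, eps) if t == 1 else x for x, t in zip(X, y)]
    return train_centroid(X_adv, y)

if __name__ == "__main__":
    for name, (w, b) in [("standard", train_centroid(X, Y)),
                         ("hardened", adversarial_training(X, Y, eps=1.0))]:
        print(name, security_evaluation(w, b, X, Y, BUDGETS))
```

On this data the standard classifier keeps full accuracy only up to eps = 0.5 and drops to 0.59 at eps = 1.3, while the model hardened with eps = 1.0 stays at 1.0 up to that budget and 0.91 beyond it; the curve, not a single accuracy figure, is what the security evaluation reports.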