Adversarial machine learning for spam filters

Bhargav Kuchipudi; Ravi Teja Nannapaneni; Qi Liao

doi:10.1145/3407023.3407079

Adversarial machine learning for spam filters

Bhargav Kuchipudi, Ravi Teja Nannapaneni, Qi Liao

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

Email spam filters based on machine learning techniques are widely deployed in today's organizations. As our society relies more on artificial intelligence (AI), the security of AI, especially the machine learning algorithms, becomes increasingly important and remains largely untested. Adversarial machine learning, on the other hand, attempts to defeat machine learning models through malicious input. In this paper, we experiment how adversarial scenario may impact the security of machine learning based mechanisms such as email spam filters. Using natural language processing (NLP) and Baysian model as an example, we developed and tested three invasive techniques, i.e., synonym replacement, ham word injection and spam word spacing. Our adversarial examples and results suggest that these techniques are effective in fooling the machine learning models. The study calls for more research on understanding and safeguarding machine learning based security mechanisms in the presence of adversaries.

Original language	English
Title of host publication	Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020
Publisher	Association for Computing Machinery
Pages	1-6
Volume	38
ISBN (Electronic)	9781450388337
DOIs	https://doi.org/10.1145/3407023.3407079
State	Published - Aug 25 2020
Event	15th International Conference on Availability, Reliability and Security, ARES 2020 - Virtual, Online, Ireland Duration: Aug 25 2020 → Aug 28 2020

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	15th International Conference on Availability, Reliability and Security, ARES 2020
Country/Territory	Ireland
City	Virtual, Online
Period	08/25/20 → 08/28/20

Keywords

Adversarial machine learning
Artificial intelligence
Network security
Spam detection

Access to Document

10.1145/3407023.3407079

Cite this

@inproceedings{b8b502f9518d4b69b4e0d4ab99d289f9,

title = "Adversarial machine learning for spam filters",

abstract = "Email spam filters based on machine learning techniques are widely deployed in today's organizations. As our society relies more on artificial intelligence (AI), the security of AI, especially the machine learning algorithms, becomes increasingly important and remains largely untested. Adversarial machine learning, on the other hand, attempts to defeat machine learning models through malicious input. In this paper, we experiment how adversarial scenario may impact the security of machine learning based mechanisms such as email spam filters. Using natural language processing (NLP) and Baysian model as an example, we developed and tested three invasive techniques, i.e., synonym replacement, ham word injection and spam word spacing. Our adversarial examples and results suggest that these techniques are effective in fooling the machine learning models. The study calls for more research on understanding and safeguarding machine learning based security mechanisms in the presence of adversaries.",

keywords = "Adversarial machine learning, Artificial intelligence, Network security, Spam detection",

author = "Bhargav Kuchipudi and Nannapaneni, {Ravi Teja} and Qi Liao",

note = "Publisher Copyright: {\textcopyright} 2020 ACM.; 15th International Conference on Availability, Reliability and Security, ARES 2020 ; Conference date: 25-08-2020 Through 28-08-2020",

year = "2020",

month = aug,

day = "25",

doi = "10.1145/3407023.3407079",

language = "English",

volume = "38",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "1--6",

booktitle = "Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020",

}

Kuchipudi, B, Nannapaneni, RT & Liao, Q 2020, Adversarial machine learning for spam filters. in Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020. vol. 38, ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 1-6, 15th International Conference on Availability, Reliability and Security, ARES 2020, Virtual, Online, Ireland, 08/25/20. https://doi.org/10.1145/3407023.3407079

Adversarial machine learning for spam filters. / Kuchipudi, Bhargav; Nannapaneni, Ravi Teja; Liao, Qi.
Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020. Vol. 38 Association for Computing Machinery, 2020. p. 1-6 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Adversarial machine learning for spam filters

AU - Kuchipudi, Bhargav

AU - Nannapaneni, Ravi Teja

AU - Liao, Qi

PY - 2020/8/25

Y1 - 2020/8/25

N2 - Email spam filters based on machine learning techniques are widely deployed in today's organizations. As our society relies more on artificial intelligence (AI), the security of AI, especially the machine learning algorithms, becomes increasingly important and remains largely untested. Adversarial machine learning, on the other hand, attempts to defeat machine learning models through malicious input. In this paper, we experiment how adversarial scenario may impact the security of machine learning based mechanisms such as email spam filters. Using natural language processing (NLP) and Baysian model as an example, we developed and tested three invasive techniques, i.e., synonym replacement, ham word injection and spam word spacing. Our adversarial examples and results suggest that these techniques are effective in fooling the machine learning models. The study calls for more research on understanding and safeguarding machine learning based security mechanisms in the presence of adversaries.

AB - Email spam filters based on machine learning techniques are widely deployed in today's organizations. As our society relies more on artificial intelligence (AI), the security of AI, especially the machine learning algorithms, becomes increasingly important and remains largely untested. Adversarial machine learning, on the other hand, attempts to defeat machine learning models through malicious input. In this paper, we experiment how adversarial scenario may impact the security of machine learning based mechanisms such as email spam filters. Using natural language processing (NLP) and Baysian model as an example, we developed and tested three invasive techniques, i.e., synonym replacement, ham word injection and spam word spacing. Our adversarial examples and results suggest that these techniques are effective in fooling the machine learning models. The study calls for more research on understanding and safeguarding machine learning based security mechanisms in the presence of adversaries.

KW - Adversarial machine learning

KW - Artificial intelligence

KW - Network security

KW - Spam detection

UR - http://www.scopus.com/inward/record.url?scp=85123041233&partnerID=8YFLogxK

U2 - 10.1145/3407023.3407079

DO - 10.1145/3407023.3407079

M3 - Conference contribution

VL - 38

T3 - ACM International Conference Proceeding Series

SP - 1

EP - 6

BT - Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020

PB - Association for Computing Machinery

T2 - 15th International Conference on Availability, Reliability and Security, ARES 2020

Y2 - 25 August 2020 through 28 August 2020

ER -

Adversarial machine learning for spam filters

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this