Adversarial machine learning for spam filters

Bhargav Kuchipudi, Ravi Teja Nannapaneni, Qi Liao

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

9 Scopus citations

Abstract

Email spam filters based on machine learning techniques are widely deployed in today's organizations. As our society relies more on artificial intelligence (AI), the security of AI, especially the machine learning algorithms, becomes increasingly important and remains largely untested. Adversarial machine learning, on the other hand, attempts to defeat machine learning models through malicious input. In this paper, we experiment with how adversarial scenarios may impact the security of machine learning based mechanisms such as email spam filters. Using natural language processing (NLP) and a Bayesian model as an example, we developed and tested three invasive techniques, i.e., synonym replacement, ham word injection and spam word spacing. Our adversarial examples and results suggest that these techniques are effective in fooling the machine learning models. The study calls for more research on understanding and safeguarding machine learning based security mechanisms in the presence of adversaries.

Original language: English
Title of host publication: Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020
Publisher: Association for Computing Machinery
Pages: 1-6
Volume: 38
ISBN (Electronic): 9781450388337
State: Published - Aug 25 2020
Event: 15th International Conference on Availability, Reliability and Security, ARES 2020 - Virtual, Online, Ireland
Duration: Aug 25 2020 to Aug 28 2020

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 15th International Conference on Availability, Reliability and Security, ARES 2020
Country/Territory: Ireland
City: Virtual, Online
Period: 08/25/20 to 08/28/20

Keywords

  • Adversarial machine learning
  • Artificial intelligence
  • Network security
  • Spam detection
