The Secure Machine Learning (SecML) Project @ Melbourne

Contact: Ben Rubinstein

Statistical Machine Learning (SML), born out of AI, data mining, machine learning and statistics, has enabled numerous products and underpins industry trends in Big Data, Data Science and Analytics. Classic SML tasks include classification, regression, density estimation and clustering, where the traditional performance measures are statistical (accuracy) and computational (runtime/storage). Increasingly, however, SML is deployed in systems in which malicious behaviour is incentivised. There, the assumptions most SML techniques make about their data, such as stationarity, independence, or even that the data are stochastic at all, do not match the reality of data that an adversary manipulates or misuses. In Adversarial Machine Learning the attacker may seek to breach the integrity, availability or privacy of an SML system, for example by poisoning training data so that later attacks go undetected, by evading a deployed classifier, or by inferring private training data from a released model. This motivates our interest in evaluating the security and privacy of existing SML approaches and in designing improvements. Our work draws on kernel methods, Bayesian statistics, online learning theory (learning-theoretic game theory, involving repeated games), robust statistics and differential privacy, with applications in cloud computing, open-source software, network security, risk management and data privacy. We are keen to make fundamental contributions and to engage with government and industry.
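The following is an added, constructed illustration of the point above, not code from the project or from any of the papers listed below. It reduces the setting of the ANTIDOTE line of work (poisoning a PCA-based traffic anomaly detector by injecting variance into its training window) to a one-dimensional threshold detector, so that the effect of the stationarity assumption can be seen in a few lines. The benign traffic, the chaff size (20 units), the poisoned fraction (one sample in five) and the threshold multiplier (k = 3) are all assumptions chosen for the example.

```python
"""Variance-injection poisoning of a threshold anomaly detector.

Added example, not the project's code. A constructed one-dimensional stand-in
for the PCA-based traffic detectors studied in the ANTIDOTE papers: a threshold
is learned from a training window that the attacker can partly control.
"""
import random
import statistics

K = 3.0          # flag values more than K "scale units" above the centre (assumed)
CHAFF = 20.0     # size of each attacker-inserted perturbation (assumed)
CHAFF_EVERY = 5  # attacker poisons one in five training samples (assumed)


def clean_training_traffic(n=1000, seed=7):
    """Constructed benign traffic: a 100-unit baseline with Gaussian noise of
    standard deviation 5, i.e. stationary, independent and stochastic."""
    rng = random.Random(seed)
    return [100.0 + rng.gauss(0.0, 5.0) for _ in range(n)]


def inject_chaff(samples, amount=CHAFF, every=CHAFF_EVERY):
    """Variance-injection poisoning: add +amount and -amount in alternation to
    every `every`-th sample. The mean is unchanged, so a mean-based sanity
    check sees nothing, but the variance grows by about amount**2 / every."""
    poisoned = list(samples)
    sign = 1.0
    for i in range(0, len(poisoned), every):
        poisoned[i] += sign * amount
        sign = -sign
    return poisoned


def gaussian_threshold(samples, k=K):
    """Classic detector: mean + k * standard deviation. Both statistics are
    non-robust, so a bounded fraction of chaff moves the threshold freely."""
    return statistics.fmean(samples) + k * statistics.pstdev(samples)


def robust_threshold(samples, k=K):
    """Robust detector: median + k * scaled median absolute deviation (MAD).
    The factor 1.4826 makes MAD estimate the standard deviation on Gaussian
    data. Median and MAD have a 50% breakdown point, so 20% chaff barely
    moves them."""
    med = statistics.median(samples)
    mad = statistics.median([abs(x - med) for x in samples])
    return med + k * 1.4826 * mad


def is_anomalous(value, threshold):
    return value > threshold


def evasion_experiment(attack_value=125.0):
    """Train both detectors on a clean and on a poisoned window, then test
    whether an attack of size `attack_value` (5 sigma above the true baseline)
    is caught. Returns {detector_window: (threshold, caught)}."""
    clean = clean_training_traffic()
    poisoned = inject_chaff(clean)
    result = {}
    for name, fit in (("gaussian", gaussian_threshold), ("robust", robust_threshold)):
        for window, data in (("clean", clean), ("poisoned", poisoned)):
            t = fit(data)
            result[f"{name}_{window}"] = (round(t, 1), is_anomalous(attack_value, t))
    return result


if __name__ == "__main__":
    for key, (threshold, caught) in evasion_experiment().items():
        print(f"{key:18s} threshold={threshold:6.1f} attack caught={caught}")
```

Run as a script, the four lines show the Gaussian detector catching the attack when trained on clean traffic and missing it after poisoning, while the median/MAD detector catches it in both cases. Every chaff sample lies within the range of traffic a network could legitimately carry, which is the point of the paragraph above: a detector that re-estimates its model from a window the adversary influences has no stationarity guarantee to lean on, and the defence has to come from an estimator whose breakdown point exceeds the fraction of data the adversary controls.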

People

Benjamin Rubinstein (Senior Lecturer, Project Lead)
Samuel Jenkins (Masters student)
Zuhe Zhang (PhD student)

Collaborators Past & Present

Drs. Tansu Alpcan, Jeffrey Chan, Prof. Christopher Leckie, A/Prof. Sanming Zhou (University of Melbourne, Australia)
Dr. Adam Barth (Google)
Prof. Peter Bartlett (UC Berkeley USA & QUT Australia), Profs. Anthony Joseph, Dawn Song, J. Doug Tygar (UC Berkeley, USA)
Dr. Battista Biggio, Prof. Fabio Roli (University of Cagliari, Italy)
Dr. Christos Dimitrakakis, Prof. Aikaterini Mitrokotsa (Chalmers University of Technology, Sweden)
Dr. Ling Huang (Intel Labs Berkeley, USA)
Prof. Arvind Narayanan (Princeton University, USA)
Dr. Blaine Nelson (University of Potsdam, Germany)
Prof. Elaine Shi (University of Maryland)
Dr. Nina Taft (Technicolor Palo Alto, USA)

Publications

  • Alvaro A. Cárdenas, Blaine Nelson, and Benjamin I. P. Rubinstein (eds.), Proceedings of the 5th Workshop on Artificial Intelligence and Security (AISec 2012), 110 pages, ACM Press, October 2012
  • Benjamin I. P. Rubinstein, Peter L. Bartlett, Ling Huang, and Nina Taft, Learning in a Large Function Space: Privacy-Preserving Mechanisms for SVM Learning, in Special Issue on Statistical and Learning-Theoretic Challenges in Data Privacy of the Journal of Privacy and Confidentiality, 4(1), pp. 65-100, August 2012
    • 2009 preprint
  • Adam Barth, Benjamin I. P. Rubinstein, Mukund Sundararajan, John C. Mitchell, Dawn Song, and Peter L. Bartlett, A Learning-Based Approach to Reactive Security, in IEEE Transactions on Dependable and Secure Computing, 9(4), pp. 482-493, July-Aug 2012
    • Adam Barth, Benjamin I. P. Rubinstein, Mukund Sundararajan, John C. Mitchell, Dawn Song, and Peter L. Bartlett, A Learning-Based Approach to Reactive Security, in Proceedings of the Fourteenth International Conference on Financial Cryptography and Data Security (FC 2010), 2010
  • Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, Steven J. Lee, Satish Rao, and J. D. Tygar, Query Strategies for Evading Convex-Inducing Classifiers, in Journal of Machine Learning Research, 13(May), pp. 1293-1332, MIT Press, 2012
    • Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Steven Lee, Satish Rao, Anthony Tran, and J. D. Tygar, Near Optimal Evasion of Convex-Inducing Classifiers, in Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics (AISTATS 2010), pp. 549-556, 2010
  • Ling Huang, Anthony D. Joseph, Blaine Nelson, Benjamin I. P. Rubinstein, and J. D. Tygar, Adversarial Machine Learning, in Proceedings of the 4th ACM Workshop on Artificial Intelligence and Security, pp. 43-54, 21 October 2011
  • Alvaro A. Cárdenas, Rachel Greenstadt, and Benjamin I. P. Rubinstein (eds.), Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, 116 pages, ACM Press, October 2011
  • Adam Barth, Saung Li, Benjamin I. P. Rubinstein, and Dawn Song, How Open Should Open Source Be?, Technical Report UCB/EECS-2011-98, Dept. EECS, UC Berkeley, 31 August 2011
  • Arvind Narayanan, Elaine Shi, and Benjamin Rubinstein, Link Prediction by De-anonymization: How We Won the Kaggle Social Network Challenge, in Proceedings of the 2011 International Joint Conference on Neural Networks (IJCNN), pp. 1825-1834, IEEE, 22 February 2011
  • Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, and J. D. Tygar, Classifier Evasion: Models and Open Problems, in ECML/PKDD Workshop on Privacy and Security Issues in Data Mining and Machine Learning, 2010
  • Benjamin Rubinstein, Secure Learning and Learning for Security: Research in the Intersection, PhD Dissertation, Dept. EECS, UC Berkeley, 13 May 2010
  • Benjamin I. P. Rubinstein, Blaine Nelson, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Satish Rao, Nina Taft, and J. D. Tygar, ANTIDOTE: Understanding and Defending against Poisoning of Anomaly Detectors, in Proceedings of the Ninth Internet Measurement Conference (IMC 2009), pp. 1-14, 2009
    • Benjamin I. P. Rubinstein, Blaine Nelson, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Satish Rao, Nina Taft, and J. D. Tygar, Stealthy Poisoning Attacks on PCA-based Anomaly Detectors, in ACM SIGMETRICS Performance Evaluation Review, 37(2), pp. 73-74, 2009
    • Benjamin I. P. Rubinstein, Blaine Nelson, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Nina Taft, and Doug Tygar, Compromising PCA-based Anomaly Detectors for Network-Wide Traffic, Technical Report UCB/EECS-2008-73, Dept. EECS, UC Berkeley, May 2008
    • Benjamin I. P. Rubinstein, Blaine Nelson, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Nina Taft, and J. D. Tygar, Evading Anomaly Detection through Variance Injection Attacks on PCA (Extended Abstract), in Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008), pp. 394-395, 2008. Winner of the RAID 2008 best poster award.
  • Blaine Nelson, Marco Barreno, Fuching Jack Chi, Anthony D. Joseph, Benjamin I. P. Rubinstein, Udam Saini, Charles Sutton, J. D. Tygar, and Kai Xia, Misleading Learners: Co-opting Your Spam Filter, book chapter in Machine Learning in Cyber Trust: Security, Privacy, and Reliability, pp. 17-51, Springer, 2009
    • Blaine Nelson, Marco Barreno, Fuching Jack Chi, Anthony D. Joseph, Benjamin I. P. Rubinstein, Udam Saini, Charles Sutton, J. D. Tygar, and Kai Xia, Exploiting Machine Learning to Subvert Your Spam Filter, in First USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET’08), 2008
  • Marco Barreno, Peter L. Bartlett, Fuching Jack Chi, Anthony D. Joseph, Blaine Nelson, Benjamin I. P. Rubinstein, Udam Saini, and J. D. Tygar, Open Problems in the Security of Learning, in Proceedings of the 1st ACM Workshop on AISec (AISec 2008), pp. 19-26, 2008