Return to search

Automated Attacks on Compression-Based Classifiers

Methods of compression-based text classification have proven their usefulness for various applications. However, in some classification problems, such as spam filtering, a classifier confronts one or many adversaries willing to induce errors in the classifier's judgment on certain kinds of input. In this thesis, we consider the problem of finding thrifty strategies for character-based text modification that allow an adversary to revert classifier's verdict on a given family of input texts. We propose three statistical statements of the problem that can be used by an attacker to obtain transformation models which are optimal in some sense. Evaluating these three techniques on a realistic spam corpus, we find that an adversary can transform a spam message (detectable as such by an entropy-based text classifier) into a legitimate one by generating and appending, in some cases, as few additional characters as 20% of the original length of the message.

Identiferoai:union.ndltd.org:uoregon.edu/oai:scholarsbank.uoregon.edu:1794/18439
Date29 September 2014
CreatorsBurago, Igor
ContributorsLowd, Daniel
PublisherUniversity of Oregon
Source SetsUniversity of Oregon
Languageen_US
Detected LanguageEnglish
TypeElectronic Thesis or Dissertation
RightsAll Rights Reserved.

Page generated in 0.0019 seconds