Randomized Prediction Games for Adversarial Machine Learning
Malware code is typically obfuscated using random strings or byte sequences to hide known exploits and increase their chances of evading detection. Randomization has also been proposed to improve the security of learning algorithms against evasion attacks, as it hides information about the classifier from the attacker. Recent work has proposed game-theoretical formulations to learn secure classifiers, by simulating different evasion attacks and modifying the classification function. However, both the classification function and the simulated data manipulations have been modeled in a deterministic manner, without accounting for randomization. This work proposes a non-cooperative game-theoretic formulation in which the classifier and the attacker make randomized strategy selections. The approach allows an improvement in the trade-off between attack detection and false alarms even against attacks that are different from those hypothesized during design. Reducing false alarms is a critical problem in the cost-effective analysis of security data.
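The following is an added, self-contained illustration of the idea behind randomized strategy selection; it is not code or data from the paper. It models the classifier-versus-attacker interaction as a small zero-sum game: rows are classifier pure strategies (e.g. two detectors trained on different feature subsets), columns are attacker evasion manipulations, and each cell is a constructed detection probability. Solving the 2-row game exactly shows that a classifier which randomizes its choice guarantees a higher worst-case detection rate than any fixed classifier, and that the attacker's own minimax mixture gives the same game value. All matrix entries, strategy names and the `DETECTION` matrix are assumptions made for the example.

```python
from fractions import Fraction
from itertools import combinations
import random

# Constructed payoff matrix (assumption, not from the paper): detection probability
# when the defender deploys classifier c_i and the attacker applies manipulation a_j.
# rows = classifier pure strategies, columns = attacker evasion strategies.
DETECTION = [
    [Fraction(9, 10), Fraction(2, 10)],  # c1: strong against a1, weak against a2
    [Fraction(3, 10), Fraction(8, 10)],  # c2: weak against a1, strong against a2
]


def worst_case(p, matrix):
    """Detection rate the attacker can force when row 0 is played with probability p.

    The attacker sees only the mixture, not the realized choice, so it best-responds
    to the expected detection of each column and picks the lowest one.
    """
    r0, r1 = matrix
    return min(p * a + (1 - p) * b for a, b in zip(r0, r1))


def deterministic_value(matrix):
    """Best guaranteed detection when the defender commits to one fixed classifier."""
    return max(min(row) for row in matrix)


def randomized_value(matrix):
    """Exact maximin mixed strategy for a 2-row zero-sum game.

    The worst-case function is the lower envelope of one line per column, which is
    concave and piecewise linear in p, so its maximum lies at an endpoint or at an
    intersection of two column lines. We enumerate those candidate points.
    """
    r0, r1 = matrix
    candidates = [Fraction(0), Fraction(1)]
    for (a0, b0), (a1, b1) in combinations(zip(r0, r1), 2):
        # column j is the line p*a_j + (1-p)*b_j; solve for the crossing point
        d = (a0 - b0) - (a1 - b1)
        if d != 0:
            p = (b1 - b0) / d
            if 0 <= p <= 1:
                candidates.append(p)
    best_p = max(candidates, key=lambda p: worst_case(p, matrix))
    return best_p, worst_case(best_p, matrix)


def attacker_value(matrix):
    """Attacker's minimax mixture over the two manipulations (2-column game).

    Transpose the matrix and convert detection into evasion probability (1 - d), so
    the attacker becomes the maximizing row player and the same solver applies.
    """
    evasion = [[1 - matrix[i][j] for i in range(len(matrix))] for j in range(len(matrix[0]))]
    q, evasion_value = randomized_value(evasion)
    return q, 1 - evasion_value  # game value expressed as detection rate


def empirical_detection(p, attack_col, matrix, rounds=20000, seed=1):
    """Simulate deploying a freshly sampled classifier each round against one fixed attack."""
    rng = random.Random(seed)
    detected = 0
    for _ in range(rounds):
        row = 0 if rng.random() < float(p) else 1  # defender's randomized pick
        if rng.random() < float(matrix[row][attack_col]):
            detected += 1
    return detected / rounds


if __name__ == "__main__":
    print("deterministic worst case:", deterministic_value(DETECTION))
    p, v = randomized_value(DETECTION)
    print(f"randomized: play c1 with prob {p}, worst-case detection {v}")
    q, v_att = attacker_value(DETECTION)
    print(f"attacker: play a1 with prob {q}, game value {v_att}")
    print("simulated detection vs a2:", empirical_detection(p, 1, DETECTION))
```

With the constructed matrix, committing to either classifier lets the attacker pick the manipulation it is weak against (worst case 0.3), whereas deploying c1 with probability 5/12 raises the guaranteed detection rate to 0.55; the attacker's equilibrium mixture (a1 with probability 1/2) yields the same value, as the minimax theorem requires. The same enumeration generalizes to any number of attacker columns as long as the defender has two pure strategies; larger defender strategy sets need a linear-programming solver.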