Publication Date
12-2016
Abstract
It has been recently shown that it is possible to "cheat" many machine learning algorithms -- i.e., to perform minor modifications of the inputs that would lead to a wrong classification. This feature can be used by adversaries to avoid spam detection, to create a wrong identification allowing access to classified information, etc. In this paper, we propose a solution to this problem: namely, instead of applying the original machine learning algorithm to the original inputs, we should first perform a random modification of these inputs. Since machine learning algorithms perform well on random data, such a random modification ensures us that the algorithm will, with a high probability, work correctly on the modified inputs. An additional advantage of this idea is that it also provides an additional privacy protection.
Comments
Technical Report: UTEP-CS-16-95
To appear in Mathematical Structures and Modeling, 2017, Vol. 42.