October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Classifiers under attack

David Evans (University of Virginia)
3:50pm–4:30pm Wednesday, 11/02/2016
Security in context (security datasci)
Location: Trianon Ballroom Level: Intermediate

Prerequisite knowledge

  • A basic understanding of machine-learning classifiers

What you'll learn

  • Understand the risks of using machine-learning classifiers for security applications
  • Learn methods that can be used to evaluate the robustness of certain types of classifiers
  • Explore the steps that can be taken to increase the robustness of machine-learning classifiers used in security applications


Machine-learning models are popular in security tasks such as malware detection, network intrusion detection, and spam detection. These models can achieve extremely high accuracy on test datasets and are widely used in practice.

However, these results hold only for particular test datasets. Unlike tasks in other fields, security tasks involve adversaries who respond to the classifier. For example, attackers may try to generate new malware deliberately designed to evade existing classifiers. This breaks the assumption of machine-learning models that the training data and the operational data share the same data distribution. As a result, it is important to consider attackers’ efforts to disrupt or evade the generated models.

David Evans provides an introduction to the techniques adversaries use to circumvent machine-learning classifiers and presents case studies of machine classifiers under attack. David then outlines methods for automatically predicting the robustness of a classifier when used in an adversarial context and techniques that may be used to harden a classifier to decrease its vulnerability to attackers.


David Evans

University of Virginia

David Evans is a professor of computer science at the University of Virginia and leader of the Security Research Group. His research focuses on privacy and security for computing systems and empowering individuals and organizations to control how their data is used and shared. He is the author of an open computer science textbook and a children’s book on combinatorics and computability, and the teacher of one of the world’s most popular MOOCs. He won the Outstanding Faculty Award from the State Council of Higher Education for Virginia and an all-university teaching award, was program co-chair for the 31st and 32nd IEEE Symposia on Security and Privacy, and will be program co-chair for ACM CCS 2017. He holds SB, SM, and PhD degrees in computer science from MIT.

Comments on this page are now closed.


David Evans
10/15/2016 3:29pm EDT

Hi all,

This site has some more information about one of the things I’ll talk about: http://evademl.org/

Feel free to post any questions or comments here, or to email me directly (evans@virginia.edu).

Look forward to meeting you in New York!

Feel free to post any suggestions for topics you wan