Using statistical machine learning for making security decisions introduces new vulnerabilities in large scale systems. We show how an adversary can exploit statistical machine learning, as used in the SpamBayes spam filter, to render it useless—even if the adversary’s access is limited to only 1% of the spam training messages. We demonstrate three new attacks that successfully make the filter unusable, prevent victims from receiving specific email messages, and cause spam emails to arrive in the victim’s inbox.
|Title of host publication||Machine Learning in Cyber Trust|
|Subtitle of host publication||Security, Privacy, and Reliability|
|Number of pages||35|
|Publication status||Published - 2009|