Australian researchers have developed a spam classifier based on game theory they say outperforms current models.
University of Sydney Professor and NICTA researchers Sanjay Chawla and Wei Liu together with PhD student Fei Wang developed the system based on repetitive game theory -- a study into decision making -- which they said would better predict spammers attacks and become redundant much more slowly than current filters.
"Attackers change their data to circumvent the classifier (spam filter) so the spam filter needs to be retrained," Chawla told SC.
"Our work means the spam filter need not be upgraded as regularly which cuts cost".
The work built on his 2010 research and focused on so-called sparse feature attacks in which a spammer could manipulate a limited amount of features. (pdf)
In a paper detailing the research they described their work as unique. (pdf)
"...we model the interaction between a classifier and an adversary as a repeated game. Experiments on benchmark data sets show that the classifier learnt from the game outperforms a corresponding standard model. To the best of our knowledge, this paper is the first attempt to use sparse modelling techniques for adversarial learning."
"In the future we plan to design a new algorithm for the simultaneous game so that we can solve for a real Nash Equilibrium. Also, we may combine multi-assumptions of the adversary’s behaviour and build an ensemble classifier that is more robust in the presenceof adversaries.
Chalwa said classification models were hindered by concept drift -- in which spam filters lose effectiveness as issues relating to for example society and the economy evolve -- and adversarial reaction -- in which attackers attempt to circumvent and reverse engineer filters forcing the technology to be updated.
The attacker-focused research unified the two models and assumed that spammers had unlimited budgets and could continuously mitigate spam feature sets.
The new system outperformed traditional spam filters over a 12 month observation period when fed with email test data, Chawla said.
Student Fei Wang was in early stages into examining how to apply the research to health insurance claims.
Chawla, also of the Federal Government funded Capital Markets Cooperative Research Centre, was separately examining how to improve signature and pattern -based network anomaly detection.
"We are trying to characterise what is normal behaviour so that when there is a deviation, we will try to flag it," he said.