By Mauro Barni, Department of Information Engineering and Mathematics, University of Siena, Italy, barni@dii.unisi.it | Benedetta Tondi, Department of Information Engineering and Mathematics, University of Siena, Italy, benedettatondi@gmail.com
The present monograph focuses on the detection problem in adversarial setting. When framed in an adversarial setting, classical detection theory can not be applied any more, since, in order to make a correct decision, the presence of an adversary must be taken into account when designing the detector. In particular, the interplay between the Defender (), wishing to carry out the detection task, and the Attacker (), aiming at impeding it, must be investigated. The purpose of this monograph is to lay out the foundations of a general theory of adversarial detection, taking into account the impact that the presence of the adversary has on the design of the optimal detector. We do so by casting the adversarial detection problem into a game theoretical framework, which is then studied by relying on typical methods of information theory. As a final result, the theory allows to state the conditions under which both the false positive and false negative error probabilities tend to zero exponentially fast, and to relate the error exponents of the two kinds of errors to the distortion the attacker can introduce into the test sequence.
Binary detection is a ubiquitous problem in virtually all branches of science and technology. In many cases, binary detection must be carried out in a setting wherein the presence of an adversary aiming at inducing a wrong decision cannot be ruled out. Applications include network monitoring, spam filtering, multimedia forensics, video surveillance and biometric authentication to name but a few. In these cases, the attack is carried out at the time of testing. With the advent of widespread machine learning tools, the attacker can act during the learning phase, making it harder to detect. The main idea behind adversarial detection theory is to cast the detection problem into a game-theoretic framework. This allows the goals and the actions available to the two contenders to be rigorously defined.
In this monograph, the authors address several variants of a general adversarial binary detection problem, depending on the knowledge available to the Defender and the Attacker of the statistical characterization of a system. They lead the reader through the considerations and solutions under two hypotheses, using a framework that can be adopted in many applications.
This monograph, aimed at students, researchers and practitioners working in the application areas who want an accessible introduction to the theory behind Adversarial Binary Detection and the possible solutions to their particular problem.