CPC G06F 21/562 (2013.01) [G06F 18/2113 (2023.01); G06F 18/22 (2023.01); G06F 21/554 (2013.01); G06N 20/00 (2019.01)] | 13 Claims
1. A system for building a robust classifier against evasion attacks, the system comprising:
a storage medium, the storage medium being coupled to a processor;
the processor configured to:
receive an application;
identify one or more features of the application;
determine a first confidence score for a first version of the application including a first set of features and determining a second confidence score for a second version of the application including a second set of features, wherein the first set of features is different than the second set of features;
determine a difference between the first confidence score and the second confidence score;
compare the difference with a convergence threshold;
based on the comparison, determine whether the first confidence score exceeds a confidence score threshold; and
generate a report based on determining the first confidence score exceeds the confidence score threshold;
wherein in response to determining the difference is greater than the convergence threshold, the processor is configured to:
determine a third version of the application by removing one feature of the one or more features from the second version of the application;
determine a third confidence score of the third version of the application;
determine a difference between the second confidence score and the third confidence score;
compare the difference with the convergence threshold;
based on the comparison, determine whether the second confidence score exceeds the confidence score threshold; and
generate the report based on determining the second confidence score exceeds the confidence score threshold.
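The convergence loop of claim 1, as an added Python example that is not taken from the patent: versions of the application are scored with one more feature removed each time until two consecutive confidence scores differ by no more than the convergence threshold, and the earlier of the two is then tested against the confidence score threshold. The toy linear scorer, feature names, weights, removal order and threshold values are constructed assumptions; continuing past the third version and reporting `converged: False` when the features run out are also assumptions, since the claim does not cover those cases.

```python
import math

# Constructed toy model: feature names, weights and bias are assumptions.
WEIGHTS = {"send_sms": 2.0, "read_contacts": 1.5, "load_dex": 1.0,
           "benign_ui_lib": -3.0, "benign_ads_sdk": -2.5}
BIAS = -1.0

def confidence(features):
    """Stand-in classifier: logistic confidence that the app is malicious."""
    z = BIAS + sum(WEIGHTS.get(f, 0.0) for f in features)
    return 1.0 / (1.0 + math.exp(-z))

def robust_verdict(features, removal_order, conv_thr, conf_thr, score=confidence):
    """Score successive versions, each with one more feature removed, until two
    consecutive scores differ by no more than conv_thr; then compare the
    earlier of those two scores with conf_thr and return the report."""
    current = set(features)
    prev_score = score(current)              # first version
    trace = [(sorted(current), prev_score)]
    for feat in removal_order:
        if feat not in current:
            continue
        current = current - {feat}           # next version: one feature removed
        cur_score = score(current)
        trace.append((sorted(current), cur_score))
        if abs(prev_score - cur_score) <= conv_thr:
            return {"converged": True, "score": prev_score,
                    "flagged": prev_score > conf_thr, "trace": trace}
        prev_score = cur_score               # difference too large: keep going
    # Assumption: no convergence before features ran out; report the last score.
    return {"converged": False, "score": prev_score,
            "flagged": prev_score > conf_thr, "trace": trace}

# Constructed sample: suspicious behaviour padded with benign-looking features.
SAMPLE_APP = ["send_sms", "read_contacts", "load_dex",
              "benign_ui_lib", "benign_ads_sdk", "set_wallpaper"]
REMOVAL_ORDER = ["benign_ui_lib", "benign_ads_sdk", "set_wallpaper"]

if __name__ == "__main__":
    report = robust_verdict(SAMPLE_APP, REMOVAL_ORDER, conv_thr=0.05, conf_thr=0.9)
    for feats, s in report["trace"]:
        print(f"{s:.3f}  {feats}")
    print("flagged:", report["flagged"])
```

On the constructed sample the unmodified application scores about 0.12, while the score stabilises near 0.97 once the two padding features are removed, so the report is driven by the converged score instead of the padded one.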