Current Research:
I am currently a post-doctoral researcher at the University of Potsdam, Germany. I previously was a post-doctoral research fellow at the University of Tübingen, Germany and completed my doctoral studies at the University of California, Berkeley. My research focuses on learning algorithms particularly in the context of security-sensitive application domains. I investigate the vulnerability of learning to security threats and how resilient learning techniques can mitigate such security threats. I was a co-chair of the ACM Workshop on Artificial Intelligence and Security in 2012 and 2013 and was a co-organizer of a Dagstuhl Workshop entitled “Machine Learning Methods for Computer Security” in 2012. The following are my current research interests:
Security in machine learning:
In this project, we are studying the effect a malicious user can have on statistical learning techniques used in security-sensitive environments.
- Anthony D. Joseph and Pavel Laskov and Fabio Roli and J. Doug Tygar and Blaine Nelson. Machine Learning Methods for Computer Security (Dagstuhl Perspectives Workshop 12371) In Dagstuhl Reports 2(9), ISSN 2192-5283, pages 109-130, 2013. [pdf | bibtex]
- Battista Biggio, Blaine Nelson, and Pavel Laskov. Poisoning Attacks against Support Vector Machines, In Proceedings of the 29th Annual International Conference on Machine Learning (ICML), 2012. [ pdf | bibtex]
- Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, Steven J. Lee, Satish Rao, and J. D. Tygar. Query Strategies for Evading Convex-Inducing Classifiers, In the Journal of Machine Learning Research (JMLR), 13(May), 2012, pp. 1293-1332. [pdf | bibtex].
- Blaine Nelson, Battista Biggio, and Pavel Laskov. Understanding the Risk Factors of Learning in Adversarial Environments, In Proceedings of the 4th ACM Workshop on Artificial Intelligence and Security (AISec), 2011. [ pdf | bibtex]
- Ling Huang, Anthony D. Joseph, Blaine Nelson, Benjamin I. P. Rubinstein, and J. D. Tygar. Adversarial Machine Learning (Invited paper), In Proceedings of the 4th ACM Workshop on Artificial Intelligence and Security (AISec), 2011. [ pdf | bibtex]
- Blaine Nelson, Battista Biggio, and Pavel Laskov. Microbagging Estimators: An Ensemble Approach to Distance-weighted Classifiers, In Proceedings of the 3rd Asian Conference on Machine Learning (ACML), 2011, pages 63-79. [ pdf | bibtex]
- Battista Biggio, Blaine Nelson, and Pavel Laskov. Support Vector Machines Under Adversarial Label Noise, In Proceedings of the 3rd Asian Conference on Machine Learning (ACML), 2011, pages 97-112. [ pdf | bibtex]
- Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, and J. D. Tygar. Classifier Evasion: Models and Open Problems, In Privacy and Security Issues in Data Mining and Machine Learning, volume 6549 of Lecture Notes in Computer Science, 2011, pages 92-98. [ pdf | bibtex]
- Blaine Nelson, Behavior of Machine Learning Algorithms in Adversarial Environments (PhD dissertation). University of California, Berkeley, Department of EECS technical report UCB/EECS-2010-140. November 23 2010. [pdf | bibtex]
- Marco Barreno, Blaine Nelson, Anthony D. Joseph, and J. D. Tygar. The Security of Machine Learning, In Machine Learning Journal, 81(2), 2010, pp. 121-148. [pdf | bibtex].
- Blaine Nelson, Benjamin I. P. Rubinstein, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Steven Lee, Satish Rao, Anthony Tran and J. D. Tygar, Near-Optimal Evasion of Convex-Inducing Classifiers, In the Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics (AISTATS 2010), 2010. [pdf | bibtex]
- Benjamin I. P. Rubinstein, Blaine Nelson, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Satish Rao, Nina Taft, and J. D. Tygar, ANTIDOTE: Understanding and Defending against Poisoning of Anomaly Detectors, In the Proceedings of the Internet Measurement Conference (IMC 2009), 2009. [pdf | bibtex]
- Benjamin I. P. Rubinstein, Blaine Nelson, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Satish Rao, Nina Taft, and J. D. Tygar, Stealthy Poisoning Attacks on PCA-based Anomaly Detectors, In ACM SIGMETRICS Performance Evaluation Review, 2009. [pdf | bibtex]
- Blaine Nelson, Marco Barreno, Fuching Jack Chi, Anthony D. Joseph, Benjamin I. P. Rubinstein, Udam Saini, Charles Sutton, J. D. Tygar, and Kai Xia. Misleading learners: Co-opting your spam filter, Book chapter in Jeffrey J. P. Tsai and Philip S. Yu (eds.) Machine Learning in Cyber Trust: Security, Privacy, and Reliability, pg. 17-51, 2009. [pdf | bibtex]
- Marco Barreno, Peter L. Bartlett, Fuching Jack Chi, Anthony D. Joseph, Blaine Nelson, Benjamin I. P. Rubinstein, Udam Saini, and J. D. Tygar, Open Problems in the Security of Learning, In the Proceedings of the First ACM Workshop on Security and Artificial Intelligence (AISEC), pg. 19-26, 2008. [pdf | slides | bibtex]
- Benjamin I. P. Rubinstein, Blaine Nelson, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Nina Taft, and J. D. Tygar, Evading Anomaly Detection through Variance Injection Attacks on PCA (Extended Abstract), In the 11th International Symposium on Recent Advances in Intrusion Detection (RAID), pg. 394-395, 2008. Winner of the RAID08 Best Poster Award. [pdf | bibtex]
- Benjamin I. P. Rubinstein, Blaine Nelson, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Nina Taft and J. D. Tygar, Compromising PCA-based Anomaly Detectors for Network-Wide Traffic, EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2008-73, 2008. [pdf | bibtex]
- Marco Barreno, Blaine Nelson, Anthony D. Joseph, and J. D. Tygar, The Security of Machine Learning, EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2008-43, 2008. [pdf | bibtex]
- Blaine Nelson, Marco Barreno, Fuching Jack Chi, Anthony D. Joseph, Benjamin I.P. Rubinstein, Udam Saini, Charles Sutton, J. D. Tygar, and Kai Xia, Exploiting Machine Learning to Subvert Your Spam Filter, In the Proceedings of the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET'08), San Francisco, CA, April 15, 2008. [pdf | slides | bibtex]
- Blaine Nelson, and Anthony D. Joseph, Bounding an Attack's Complexity for a Simple Learning Model , In the Proceedings of the First Workshop on Tackling Computer Systems Problems with Machine Learning Techniques (SysML) , Saint-Malo, France, June, 2006. [pdf | slides | bibtex]
- Marco Barreno, Blaine Nelson, Russell Sears, Anthony D. Joseph, and J. D. Tygar, Can Machine Learning Be Secure? (Invited paper) , In the Proceedings of the ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS'06) , Taipei, Taiwan, March, 2006. [pdf | bibtex]
SAT-based DTP
This project has focused on developing solvers for large instances of Disjunctive Temporal Problems (DTPs) by converting them into a SAT representation.
- Blaine Nelson and T. K. Satish Kumar, CircuitTSAT: A Solver for Large Instances of the Disjunctive Temporal Problem, In the Proceedings of the International Conference on Automated Planning and Scheduling (ICAPS), 2008. [pdf | slides | bibtex]
Clustering with Pairwise Constraints
This project explored the use of pairwise constraints between data points for clustering algorithms. The constraints we considered indicated whether pairs of points belonged to the same cluster or to different clusters. Using these constraints, one is able to better cluster data as has been demonstrated in several image applications. Our contribution was a new sampling algorithm that uses these constraints.
- Blaine Nelson and Ira Cohen, Revisiting Probabilistic Models for Clustering with Constraints, In the Proceedings of the International Conference on Machine Learning (ICML), 2007. [pdf | slides | bibtex]
Adaptive Protection Environment
This project uses machine learning techniques to identify viruses in email traffic.
- Marco Barreno, Blaine Nelson, Russell Sears, and Anthony D. Joseph, User Model Transfer for Email Virus Detection, In the Proceedings of the First Workshop on Tackling Computer Systems Problems with Machine Learning Techniques (SysML), Saint-Malo, France, June, 2006. [pdf | bibtex]
- Blaine Nelson, Designing, Implementing, and Analyzing a System for Virus Detection (Master's dissertation) University of California, Berkeley, Department of EECS technical report UCB/EECS-2006-27, March 19 2006. [pdf | bibtex]
- Steven Martin, Anil Sewani, Blaine Nelson, Karl Chen, and Anthony D. Joseph, Analyzing Behavioral Features for Email Classification, In the Proceedings of the IEEE Second Conference on Email and Anti-Spam (CEAS 2005), July, 2005. [pdf | bibtex]
Duke Landmine Detection project
Talks
Here I list the research talks I've given and provide slides.
Conference Talks
- Microbagging Estimators: An Ensemble Approach to Distance-weighted Classifiers at the 3rd Asian Conference on Machine Learning (ACML), Tapei, November 2011.
- Understanding the Risk Factors of Learning in Adversarial Environments at the 4th ACM Workshop on Artificial Intelligence and Security (AISec), Chicago, IL, October 2011.
- Classifier Evasion: Models and Open Problems at the Privacy and Security Issues in Data Mining and Machine Learning, 2011
- Near-Optimal Evasion of Convex-Inducing Classifiers at the Thirteenth International Conference on Artificial Intelligence and Statistics (AISTATS), 2010.
- Open Problems in the Security of Learning at the First ACM Workshop on Security and Artificial Intelligence (AISEC), Chicago, IL, November 2008. [slides]
- Exploiting Machine Learning to Subvert Your Spam Filter at the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET'08), San Francisco, CA, April 15, 2008. [slides | audio]
- CircuitTSAT: A Solver for Large Instances of the Disjunctive Temporal Problem at the International Conference on Automated Planning and Scheduling (ICAPS), Sydney, Australia, 2008. [slides]
- Revisiting Probabilistic Models for Clustering with Constraints, In the Proceedings of the International Conference on Machine Learning (ICML), Corvallis, Oregon, 2007. [slides]
- Bounding an Attack's Complexity for a Simple Learning Model at the First Workshop on Tackling Computer Systems Problems with Machine Learning Techniques (SysML), Saint-Malo, France, June 2006. [slides]