Machine learning techniques have been successfully employed in security applications that protect network devices, such as spam filtering, intrusion detection, malware identification and detection, and biometric recognition. Accordingly, machine learning has become a fundamental tool for computer security because of its efficiency, effectiveness, and reliability in handling changing and complex datasets.
Unfortunately, conventional machine learning techniques are generally designed for a non-adversarial environment. For example, they generally assume that the data used to train a machine learning classifier will not be subject to abuse at runtime, when the classifier is queried. However, as a growing number of security applications are built on this assumption, machine learning classifiers themselves are increasingly targeted by malicious adversaries seeking to access the data used to train them. Because that training data is often sensitive (such as user-specific personal data), these attacks can leave the machine learning classifiers, and the sensitive data behind them, vulnerable.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one example technology area where some embodiments described herein may be practiced.