Exploiting Machine Learning to Subvert Your Spam Filter

Using statistical machine learning for making security decisions introduces new vulnerabilities in large scale systems. This paper shows how an adversary can exploit statistical machine learning, as used in the SpamBayes spam filter, to render it useless - even if the adversary's access is limited to only 1% of the training messages. The authors further demonstrate a new class of focused attacks that successfully prevent victims from receiving specific email messages. Finally, this paper introduces two new types of defenses against these attacks.