Evading classifiers in discrete domains with provable optimality guarantees

10/25/2018
by Bogdan Kulynych, et al.

Security-critical applications such as malware, fraud, or spam detection require machine learning models that operate on examples from constrained discrete domains. In these settings, gradient-based attacks that rely on adding perturbations often fail to produce adversarial examples that satisfy the domain constraints, and are therefore ineffective. We introduce a graphical framework that (1) formalizes existing attacks in discrete domains, (2) efficiently produces valid adversarial examples with guarantees of minimal cost, and (3) can accommodate complex cost functions beyond the commonly used p-norm. We demonstrate the effectiveness of this method by crafting adversarial examples that evade a Twitter bot detection classifier using a provably minimal number of changes.
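The core idea lends itself to a short sketch. The framework casts attack generation as search over a transformation graph: nodes are valid examples in the discrete domain, a directed edge from x to x' with weight c means x' is obtainable from x by one domain-preserving change of cost c, and an attack is a minimal-cost path from the original input to any node the classifier misclassifies. The sketch below uses uniform-cost (Dijkstra) search, the zero-heuristic special case of the best-first search the paper builds on; the callbacks `expand` and `is_adversarial` are hypothetical stand-ins for the domain's transformation model and the target classifier, and nodes are assumed to be hashable.

```python
import heapq

def minimal_cost_adversarial(x0, expand, is_adversarial):
    """Uniform-cost search over an implicitly defined transformation graph.

    Hypothetical callbacks (not from the paper's released code):
      expand(x)         -> yields (x_next, step_cost) pairs, one per
                           domain-valid single change applied to x
      is_adversarial(x) -> True if the target classifier's decision flips on x

    With non-negative step costs, nodes are popped in order of increasing
    total cost, so the first adversarial node found is cost-minimal.
    """
    frontier = [(0.0, 0, x0)]   # (cost so far, tiebreaker, node)
    best = {x0: 0.0}            # cheapest known cost to reach each node
    counter = 1                 # tiebreaker so heapq never compares nodes
    while frontier:
        cost, _, x = heapq.heappop(frontier)
        if is_adversarial(x):
            return x, cost      # provably minimal-cost adversarial example
        if cost > best.get(x, float("inf")):
            continue            # stale queue entry; a cheaper path was found
        for x_next, step_cost in expand(x):
            new_cost = cost + step_cost
            if new_cost < best.get(x_next, float("inf")):
                best[x_next] = new_cost
                heapq.heappush(frontier, (new_cost, counter, x_next))
                counter += 1
    return None, float("inf")   # no adversarial example is reachable
```

Because edge costs are non-negative, the first adversarial node popped from the frontier carries a minimal total cost; adding an admissible heuristic to the priority turns this into A* and prunes the search without losing that guarantee.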


