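1. Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210023
2. Jiangsu Key Laboratory of Big Data Security and Intelligent Processing, Nanjing, Jiangsu 210023
Qimeng HUANG (1997- ), male, master's student at Nanjing University of Posts and Telecommunications. His main research interests are pattern recognition and machine learning.
Miaomiao WU (1992- ), female, graduate of Nanjing University of Posts and Telecommunications. Her main research interests are pattern recognition and machine learning.
Yun LI (1977- ), male, PhD, professor and doctoral supervisor at Nanjing University of Posts and Telecommunications. His main research interests are pattern recognition, machine learning, feature selection, natural language processing, and information security.
Online publication date: 2023-07
Print publication date: 2023-07-20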
Qimeng HUANG, Miaomiao WU, Yun LI. Research on filter-based adversarial feature selection against evasion attacks[J]. Telecommunications Science, 2023, 39(7): 46-58. DOI: 10.11959/j.issn.1000-0801.2023140.
With the rapid development and widespread application of machine learning technology, its security has attracted increasing attention, and adversarial machine learning has become an active research topic. In adversarial settings such as spam detection, traffic signal recognition, and network intrusion detection, machine learning techniques are threatened by attacks in which an adversary tampers with a small number of samples to induce the classifier to make wrong decisions, with serious consequences. An evaluation criterion for filter-based adversarial feature selection was designed, based on the minimum redundancy and maximum relevance (mRMR) method and taking into account a security metric against evasion attacks. In addition, a robust adversarial feature selection algorithm named SDPOSS was proposed, based on the decomposition-based Pareto optimization for subset selection (DPOSS) algorithm. SDPOSS does not depend on the subsequent model and effectively handles large-scale, high-dimensional feature spaces. Experimental results show that as the number of decompositions increases, the running time of SDPOSS decreases linearly while good classification performance is obtained. SDPOSS is also robust under evasion attacks, providing a new approach for adversarial machine learning.