1. Zhejiang University of Science and Technology, Hangzhou 310023, Zhejiang
2. Zhejiang University of Water Resources and Electric Power, Hangzhou 310018, Zhejiang
About the authors:
QIAN Yaguan (born 1976), male, Ph.D., associate professor, School of Science, Zhejiang University of Science and Technology; research interests: Internet traffic classification, machine learning and big data processing, adversarial machine learning.
GUAN Xiaohui (born 1977), female, associate professor, Zhejiang University of Water Resources and Electric Power; research interest: adversarial machine learning.
WU Shuhui (born 1975), female, Ph.D., lecturer, School of Science, Zhejiang University of Science and Technology; research interests: quantum computing and machine learning.
YUN Bensheng (born 1980), male, Ph.D., lecturer, School of Science, Zhejiang University of Science and Technology; research interests: data mining, service computing.
REN Dongxiao (born 1982), female, Ph.D., senior engineer, School of Science, Zhejiang University of Science and Technology; research interests: machine learning and big data processing.
Online publication date: 2019-01
Print publication date: 2019-01-20
Cite as: Yaguan QIAN, Xiaohui GUAN, Shuhui WU, et al. A novel perturbation attack on SVM by greedy algorithm[J]. Telecommunications Science, 2019, 35(1): 81-89. DOI: 10.11959/j.issn.1000-0801.2019014.
Abstract: As attention to the security of machine learning grows, this paper proposes a method for generating adversarial samples against the SVM (support vector machine). The attack takes place at test time: it tampers with instance data to fool the SVM classification model, and is therefore hard to notice. A greedy strategy is used to search for a subset of salient features in kernel space; the perturbation found in kernel space is then mapped back into the input space to obtain the adversarial sample. The method causes test samples to be misclassified with a perturbation of no more than 7%. Experiments on two data sets both succeed: on an artificial data set, a 2% perturbation raises the SVM classifier's error rate above 50%; on the MNIST data set, a 5% perturbation drives the error rate close to 100%.
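The abstract describes the procedure only in outline (rank features by salience, perturb greedily, measure error rate against perturbation size). The following is an added example, not code from the paper, that carries that outline through for the linear-kernel special case, where kernel space and input space coincide and the paper's mapping back to input space is the identity; the kernel-space search for a nonlinear kernel is not reproduced. The weights W, bias B, the four samples, the budgets and the "percentage of input range" reading of the budget are all constructed for illustration. It is written as the robustness check a defender would run on a trained SVM: how much of a perturbation budget is needed before the error rate climbs.

```python
"""Robustness check of a linear SVM against greedy salient-feature perturbation.

Everything here is constructed for illustration: the weights W and bias B stand in
for a trained linear SVM, and SAMPLES are four hand-made points in [0, 1]^4.
Linear kernel only, so "kernel space" and "input space" coincide and the paper's
mapping of the kernel-space perturbation back to input space is the identity.
"""
from typing import List, Sequence, Tuple

Vector = List[float]

# Hypothetical trained model: f(x) = w . x + b, label = +1 if f(x) >= 0 else -1.
W: Vector = [3.0, -1.0, 0.5, 0.2]
B: float = -0.8

# Constructed, correctly classified labelled samples (x, y).
SAMPLES: List[Tuple[Vector, int]] = [
    ([0.9, 0.2, 0.5, 0.5], +1),   # f = 2.05, far from the boundary
    ([0.5, 0.9, 0.0, 0.0], -1),   # f = -0.20, close to the boundary
    ([0.1, 0.3, 0.8, 0.9], -1),   # f = -0.22
    ([0.4, 0.0, 1.0, 1.0], +1),   # f = 1.10
]


def decision(w: Sequence[float], b: float, x: Sequence[float]) -> float:
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(w: Sequence[float], b: float, x: Sequence[float]) -> int:
    return 1 if decision(w, b, x) >= 0 else -1


def salient_order(w: Sequence[float]) -> List[int]:
    """Features ranked by |w_j|: the greedy criterion for which feature to perturb first."""
    return sorted(range(len(w)), key=lambda j: -abs(w[j]))


def greedy_perturb(w, b, x, y, budget, lo=0.0, hi=1.0, eps=1e-6):
    """Spend an L1 perturbation budget greedily on the most salient features.

    Each chosen feature is pushed toward the bound that lowers y*f(x), by the
    smallest step that crosses the decision boundary (or as far as the bound and
    the remaining budget allow). Returns (x_adv, spent, flipped).
    """
    x_adv = list(x)
    spent = 0.0
    for j in salient_order(w):
        if predict(w, b, x_adv) != y:
            break                            # label already flipped
        if w[j] == 0.0:
            continue                         # feature has no influence
        target = lo if y * w[j] > 0 else hi  # bound that decreases y * w_j * x_j
        room = abs(target - x_adv[j])
        margin = y * decision(w, b, x_adv)   # >= 0 while still correctly classified
        needed = (margin + eps) / abs(w[j])  # step that just crosses the boundary
        step = min(room, budget - spent, needed)
        if step <= 0.0:
            continue
        x_adv[j] += step if target > x_adv[j] else -step
        spent += step
    return x_adv, spent, predict(w, b, x_adv) != y


def error_rate(w, b, samples, budget, lo=0.0, hi=1.0) -> float:
    """Fraction of samples misclassified after greedy perturbation within `budget`."""
    flipped = sum(1 for x, y in samples if greedy_perturb(w, b, x, y, budget, lo, hi)[2])
    return flipped / len(samples)


def robustness_curve(w, b, samples, budgets, lo=0.0, hi=1.0):
    """(budget, error rate) pairs: the kind of table the abstract summarises."""
    return [(bud, error_rate(w, b, samples, bud, lo, hi)) for bud in budgets]


if __name__ == "__main__":
    d = len(W)
    for bud, err in robustness_curve(W, B, SAMPLES, [0.0, 0.05, 0.1, 0.4, 0.7]):
        # budget expressed as a fraction of the total L1 range of the input box (our own convention)
        print(f"budget {bud:.2f} ({100 * bud / d:.1f}% of input range): error rate {err:.2f}")
```

On the constructed data the two samples closest to the boundary flip with less than 2% of the input range spent on the single most salient feature, while the far sample needs about 17%; that spread, rather than any one number, is what a robustness curve shows a defender. Features that flip labels at small budgets are the ones whose input ranges deserve validation or monitoring before the model is exposed to test-time inputs.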