Adversarial Example Generation Based on Particle Swarm Optimization

Yaguan QIAN; Hongbo LU; Shouling JI; Wujie ZHOU; Shuhui WU; Bensheng YUN; Xiangxing TAO; Jingsheng LEI

doi:10.11999/JEIT180777

Volume 41 Issue 7

Jul. 2019

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2019 > 41(7): 1658-1665

Yaguan QIAN, Hongbo LU, Shouling JI, Wujie ZHOU, Shuhui WU, Bensheng YUN, Xiangxing TAO, Jingsheng LEI. Adversarial Example Generation Based on Particle Swarm Optimization[J]. Journal of Electronics & Information Technology, 2019, 41(7): 1658-1665. doi: 10.11999/JEIT180777

Citation:

Yaguan QIAN, Hongbo LU, Shouling JI, Wujie ZHOU, Shuhui WU, Bensheng YUN, Xiangxing TAO, Jingsheng LEI. Adversarial Example Generation Based on Particle Swarm Optimization[J]. Journal of Electronics & Information Technology, 2019, 41(7): 1658-1665. doi: 10.11999/JEIT180777

Citation:

Yaguan QIAN, Hongbo LU, Shouling JI, Wujie ZHOU, Shuhui WU, Bensheng YUN, Xiangxing TAO, Jingsheng LEI. Adversarial Example Generation Based on Particle Swarm Optimization[J]. Journal of Electronics & Information Technology, 2019, 41(7): 1658-1665. doi: 10.11999/JEIT180777

PDF( 1507 KB)

Adversarial Example Generation Based on Particle Swarm Optimization

doi: 10.11999/JEIT180777 cstr: 32379.14.JEIT180777

1.
School of Science/School of Big-data Science, Zhejiang University of Science and Technology, Hangzhou 310023, China
2.
School of Computer Science, Zhejiang University, Hangzhou 310027, China
3.
School of Electronic and Information Engineering, Zhejiang University of Science and Technology, Hangzhou 310023, China

Funds: Zhejiang Natural Science Foundation (LY17F020011, LY18F020012), The Scientific Project of Zhejiang Provincial Science and Technology Department (LGG19F030001), The National Natural Science Foundation of China(61772466, 61672337, 11771399)

Received Date: 2018-08-06
Rev Recd Date: 2019-01-28

Available Online: 2019-02-15

Publish Date: 2019-07-01

Abstract

Abstract

As machine learning is widely applied to various domains, its security vulnerability is also highlighted. A PSO (Particle Swarm Optimization) based adversarial example generation algorithm is proposed to reveal the potential security risks of Support Vector Machine (SVM). The adversarial examples, generated by slightly crafting the legitimate samples, can mislead SVM classifier to give wrong classification results. Using the linear separable property of SVM in high-dimensional feature space, PSO is used to find the salient features, and then the average method is used to map back to the original input space to construct the adversarial example. This method makes full use of the easily finding salient features of linear models in the feature space, and the interpretable advantages of the original input space. Experimental results show that the proposed method can fool SVM classifier by using the adversarial example generated by less than 7 % small perturbation, thus proving that SVM has obvious security vulnerability.
- Machine learning,
- Support Vector Machine(SVM),
- Exploring attacks,
- Salient perpetuation,
- Adversarial example

FullText(HTML)

References(23)

References

BARRENO M, NELSON B, SEARS R, et al. Can machine learning be secure?[C]. Proceedings of 2006 ACM Symposium on Information, Computer and Communications Security, Taipei, China, 2006: 16–25. doi: 10.1145/1128817.1128824.

LI Pan, ZHAO Wentao, LIU Qiang, et al. Security issues and their countermeasuring techniques of machine learning: A survey[J]. Journal of Frontiers of Computer Science & Technology, 2018, 12(2): 171–184.

SZEGEDY C, ZAREMBA W, SUTSKEVER I, et al. Intriguing properties of neural networks[EB/OL]. http://arxiv.org/abs/1312.6199v4, 2014.

PAPERNOT N, MCDANIEL P, JHA S, et al. The limitations of deep learning in adversarial settings[C]. Proceedings of 2016 IEEE European Symposium on Security and Privacy, Saarbrucken, Germany, 2016: 372–387. doi: 10.1109/EuroSP.2016.36.

PAPERNOT N, MCDANIEL P, GOODFELLOW I, et al. Practical black-box attacks against machine learning[EB/OL]. http://arxiv.org/abs/1602.02697v4, 2017.

AKHTAR N and MIAN A. Threat of adversarial attacks on deep learning in computer vision: A survey[J]. IEEE Access, 2018, 6: 14410–14430. doi: 10.1109/ACCESS.2018.2807385

CORTES C and VAPNIK V. Support-vector networks[J]. Machine Learning, 1995, 20(3): 273–297. doi: 10.1007/BF00994018

BIGGIO B, NELSON B, and LASKOV P. Support vector machines under adversarial label noise[C]. Proceedings of the 3rd Asian Conference on Machine Learning, Taoyuan, China, 2011, 20: 97–112.

BIGGIO B, NELSON B, and LASKOV P. Poisoning attacks against support vector machines[EB/OL]. http://arxiv.org/abs/1206.6389v3, 2013.

MEI Shike and ZHU Xiaojin. Using machine teaching to identify optimal training-set attacks on machine learners[C]. Proceedings of the Twenty-Ninth AAAI Conference on Artificial Intelligence, Austin, USA, 2015: 2871–2877.

CHEN Zhipeng, TONDI B, LI Xiaolong, et al. A gradient-based pixel-domain attack against SVM detection of global image manipulations[C]. Proceedings of 2017 IEEE Workshop on Information Forensics and Security, Rennes, France, 2017: 1–6. doi: 10.1109/WIFS.2017.8267668.

BIGGIO B, CORONA I, MAIORCA D, et al. Evasion attacks against machine learning at test time[EB/OL]. http://arxiv.org/abs/1708.06131, 2013.

GOLLAND P. Discriminative direction for kernel classifiers[C]. Proceedings of the 14th International Conference on Neural Information Processing Systems: Natural and Synthetic, Vancouver, British Columbia, Canada, 2001: 745–752.

AMRAEE S, VAFAEI A, JAMSHIDI K, et al. Abnormal event detection in crowded scenes using one-class SVM[J]. Signal, Image and Video Processing, 2018, 12(6): 1115–1123. doi: 10.1007/s11760-018-1267-z

BENMAHAMED Y, TEGUAR M, and BOUBAKEUR A. Application of SVM and KNN to Duval pentagon 1 for transformer oil diagnosis[J]. IEEE Transactions on Dielectrics and Electrical Insulation, 2017, 24(6): 3443–3451. doi: 10.1109/TDEI.2017.006841

SCHNALL A and HECKMANN M. Feature-space SVM adaptation for speaker adapted word prominence detection[J]. Computer Speech & Language, 2019, 53: 198–216. doi: 10.1016/j.csl.2018.06.001

ZHAO Rui and MAO Kezhi. Semi-random projection for dimensionality reduction and extreme learning machine in high-dimensional space[J]. IEEE Computational Intelligence Magazine, 2015, 10(3): 30–41. doi: 10.1109/MCI.2015.2437316

EBERHART R and KENNEDY J. A new optimizer using particle swarm theory[C]. Proceedings of the Sixth International Symposium on Micro Machine and Human Science, Nagoya, Japan, 2002: 39–43. doi: 10.1109/MHS.1995.494215.

SHI Y and EBERHART R. A modified particle swarm optimizer[C]. Proceeding of 1998 IEEE International Conference on Evolutionary Computation, World Congress on Computational Intelligence, Anchorage, USA, 1998: 69–73. doi: 10.1109/ICEC.1998.699146.

LIN S W, YING K C, CHEN S C, et al. Particle swarm optimization for parameter determination and feature selection of support vector machines[J]. Expert Systems with Applications, 2008, 35(4): 1817–1824. doi: 10.1016/j.eswa.2007.08.088

LECUN Y, CORTES C, and BURGES C J C. The MNIST database of handwritten digits[EB/OL]. http://yann.lecun.com/exdb/mnist/, 2010.

YALE. The Yale face database[OL]. http://cvc.cs.yale.edu/cvc/projects/yalefaces/yalefaces.html, 1997.

何光辉, 唐远炎, 房斌, 等. 图像分割方法在人脸识别中的应用[J]. 计算机工程与应用, 2010, 46(28): 196–198. doi: 10.3778/j.issn.1002-8331.2010.28.055

HE Guanghui, TANG Yuanyan, FANG Bin, et al. Image partition method in face recognition[J]. Computer Engineering and Applications, 2010, 46(28): 196–198. doi: 10.3778/j.issn.1002-8331.2010.28.055

Relative Articles

Supplements(0)

Cited By

Proportional views