Volume 41 Issue 7
Jul.  2019
Yaguan QIAN, Hongbo LU, Shouling JI, Wujie ZHOU, Shuhui WU, Bensheng YUN, Xiangxing TAO, Jingsheng LEI. Adversarial Example Generation Based on Particle Swarm Optimization[J]. Journal of Electronics & Information Technology, 2019, 41(7): 1658-1665. doi: 10.11999/JEIT180777

Adversarial Example Generation Based on Particle Swarm Optimization

doi: 10.11999/JEIT180777
Funds: Zhejiang Natural Science Foundation (LY17F020011, LY18F020012), The Scientific Project of Zhejiang Provincial Science and Technology Department (LGG19F030001), The National Natural Science Foundation of China (61772466, 61672337, 11771399)
  • Received Date: 2018-08-06
  • Rev Recd Date: 2019-01-28
  • Available Online: 2019-02-15
  • Publish Date: 2019-07-01
  • As machine learning is applied across more and more domains, its security vulnerabilities have become more prominent. An adversarial example generation algorithm based on Particle Swarm Optimization (PSO) is proposed to reveal the potential security risks of the Support Vector Machine (SVM). Adversarial examples, generated by slightly perturbing legitimate samples, can mislead an SVM classifier into giving wrong classification results. Exploiting the linear separability of SVM in the high-dimensional feature space, PSO is used to find the salient features, and the average method is then used to map them back to the original input space to construct the adversarial example. The method combines the ease of finding salient features of a linear model in the feature space with the interpretability of the original input space. Experimental results show that the proposed method can fool the SVM classifier with adversarial examples generated by a small perturbation of less than 7%, demonstrating that SVM has an obvious security vulnerability.
