R. Izmailov, Peter Lin, S. Venkatesan, Shridatt Sugrim
Title: Combinatorial Boosting of Ensembles of Diversified Classifiers for Defense Against Evasion Attacks
Published in: MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM), 2021-11-29
DOI: 10.1109/MILCOM52596.2021.9653040 (https://doi.org/10.1109/MILCOM52596.2021.9653040)
Citations: 0
Abstract
Adversarial evasion attacks challenge the integrity of machine learning models by creating out-of-distribution samples that are then consistently misclassified. Although a variety of detection and mitigation approaches have already been proposed, more sophisticated attacks typically defeat them. One of the most promising groups of such approaches is based on creating multiple diversified models and leveraging their ensemble properties for detection and mitigation of attacks. However, such approaches entail heavy computational cost for designing and training a significant number of models. The paper proposes (i) a combinatorial boosting of the number of diversified models that provides an exponentially expanded scope of reliable decisions, and (ii) robust methods for fusion of the resulting models and their combinations towards enhanced decisions in both benign and adversarial scenarios. Several versions of the approach were implemented and tested for network intrusion detection and color image classification tasks; the results show a significant increase in resiliency against evasion attacks with low impact on benign performance.