Measuring Machine Learning Robustness in front of Static and Dynamic Adversaries*

2022 IEEE 34th International Conference on Tools with Artificial Intelligence (ICTAI) Pub Date : 2022-10-01 DOI:10.1109/ICTAI56018.2022.00033

Héctor D. Menéndez

{"title":"Measuring Machine Learning Robustness in front of Static and Dynamic Adversaries*","authors":"Héctor D. Menéndez","doi":"10.1109/ICTAI56018.2022.00033","DOIUrl":null,"url":null,"abstract":"Adversarial machine learning brought a new way of understanding the reliability of different learning systems. Knowing that the learning confidence depends significantly on small changes, such as noise, created a mind change in the artificial intelligence community, who started to consider the boundaries and limitations of machine learning methods. However, if we can measure these limitations, we can improve the strength of our machine learning models and their robustness. Following this motivation, this work introduces different measures of robustness for machine learning models based on false negatives. These measures can be evaluated for either static or dynamic scenarios, where an adversary performs intelligent actions to evade the system. To evaluate the metrics I have applied 11 classifiers to different benchmark datasets and created an adversary that performs an evolutionary search process aiming to reduce the classification accuracy. The results show that the most robust models are related to K-Nearest Neighbours, Logistic regression, and neural networks, although none of the systems is robust enough when the target is to reach a single misclassification.","PeriodicalId":354314,"journal":{"name":"2022 IEEE 34th International Conference on Tools with Artificial Intelligence (ICTAI)","volume":"139 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 34th International Conference on Tools with Artificial Intelligence (ICTAI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICTAI56018.2022.00033","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Adversarial machine learning brought a new way of understanding the reliability of different learning systems. Knowing that the learning confidence depends significantly on small changes, such as noise, created a mind change in the artificial intelligence community, who started to consider the boundaries and limitations of machine learning methods. However, if we can measure these limitations, we can improve the strength of our machine learning models and their robustness. Following this motivation, this work introduces different measures of robustness for machine learning models based on false negatives. These measures can be evaluated for either static or dynamic scenarios, where an adversary performs intelligent actions to evade the system. To evaluate the metrics I have applied 11 classifiers to different benchmark datasets and created an adversary that performs an evolutionary search process aiming to reduce the classification accuracy. The results show that the most robust models are related to K-Nearest Neighbours, Logistic regression, and neural networks, although none of the systems is robust enough when the target is to reach a single misclassification.

查看原文本刊更多论文

在静态和动态对手面前测量机器学习的鲁棒性*

对抗性机器学习带来了一种理解不同学习系统可靠性的新方法。了解到学习信心在很大程度上取决于小的变化，比如噪音，这让人工智能界的观念发生了变化，他们开始考虑机器学习方法的界限和局限性。然而，如果我们能够衡量这些限制，我们就可以提高机器学习模型的强度及其鲁棒性。根据这一动机，本工作介绍了基于假阴性的机器学习模型的不同鲁棒性度量。这些措施可以针对静态或动态场景进行评估，在这些场景中，攻击者执行智能操作来逃避系统。为了评估这些指标，我对不同的基准数据集应用了11个分类器，并创建了一个对手，该对手执行旨在降低分类准确性的进化搜索过程。结果表明，最鲁棒的模型与k近邻、逻辑回归和神经网络有关，尽管当目标是达到单个错误分类时，没有一个系统足够鲁棒。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE 34th International Conference on Tools with Artificial Intelligence (ICTAI)

自引率

0.00%

发文量