{"title":"检测针对机器学习系统的规避攻击的混合方法","authors":"M. O. Kalinin, A. F. Suprun, O. D. Ivanova","doi":"10.3103/S0146411623080072","DOIUrl":null,"url":null,"abstract":"<p>The existing methods for the detection of evasion attacks in machine learning systems are analyzed. An experimental comparison of the methods is carried out. The uncertainty method is universal; however, in this method, it is difficult to determine such uncertainty boundaries for adversarial examples that would enable the precise identification of evasion attacks, which would result in lower efficiency parameters with respect to the skip gradient method (SGM) attack, maps of significance (MS) attack, and boundary attack (BA) compared to the other methods. A new hybrid method representing the two-stage input data verification complemented with preliminary processing is developed. In the new method, the uncertainty boundary for adversarial objects has become distinguishable and quickly computable. The hybrid method makes it possible to detect out-of-distribution (OOD) evasion attacks with a precision of not less than 80%, and SGM, MS, and BA attacks with a precision of 93%.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"57 8","pages":"983 - 988"},"PeriodicalIF":0.6000,"publicationDate":"2024-02-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Hybrid Method for the Detection of Evasion Attacks Aimed at Machine Learning Systems\",\"authors\":\"M. O. Kalinin, A. F. Suprun, O. D. Ivanova\",\"doi\":\"10.3103/S0146411623080072\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>The existing methods for the detection of evasion attacks in machine learning systems are analyzed. An experimental comparison of the methods is carried out. The uncertainty method is universal; however, in this method, it is difficult to determine such uncertainty boundaries for adversarial examples that would enable the precise identification of evasion attacks, which would result in lower efficiency parameters with respect to the skip gradient method (SGM) attack, maps of significance (MS) attack, and boundary attack (BA) compared to the other methods. A new hybrid method representing the two-stage input data verification complemented with preliminary processing is developed. In the new method, the uncertainty boundary for adversarial objects has become distinguishable and quickly computable. The hybrid method makes it possible to detect out-of-distribution (OOD) evasion attacks with a precision of not less than 80%, and SGM, MS, and BA attacks with a precision of 93%.</p>\",\"PeriodicalId\":46238,\"journal\":{\"name\":\"AUTOMATIC CONTROL AND COMPUTER SCIENCES\",\"volume\":\"57 8\",\"pages\":\"983 - 988\"},\"PeriodicalIF\":0.6000,\"publicationDate\":\"2024-02-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"AUTOMATIC CONTROL AND COMPUTER SCIENCES\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://link.springer.com/article/10.3103/S0146411623080072\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"AUTOMATION & CONTROL SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","FirstCategoryId":"1085","ListUrlMain":"https://link.springer.com/article/10.3103/S0146411623080072","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
摘要 分析了在机器学习系统中检测规避攻击的现有方法。对这些方法进行了实验比较。不确定性方法具有普遍性;但是,在这种方法中,很难确定对抗示例的不确定性边界,从而无法精确识别规避攻击,这将导致跳过梯度法(SGM)攻击、显著性映射(MS)攻击和边界攻击(BA)的效率参数低于其他方法。我们开发了一种新的混合方法,它代表了以初步处理为补充的两阶段输入数据验证。在新方法中,对抗对象的不确定性边界变得可区分且可快速计算。该混合方法能以不低于 80% 的精度检测出分布外(OOD)规避攻击,并能以 93% 的精度检测出 SGM、MS 和 BA 攻击。
Hybrid Method for the Detection of Evasion Attacks Aimed at Machine Learning Systems
The existing methods for the detection of evasion attacks in machine learning systems are analyzed. An experimental comparison of the methods is carried out. The uncertainty method is universal; however, in this method, it is difficult to determine such uncertainty boundaries for adversarial examples that would enable the precise identification of evasion attacks, which would result in lower efficiency parameters with respect to the skip gradient method (SGM) attack, maps of significance (MS) attack, and boundary attack (BA) compared to the other methods. A new hybrid method representing the two-stage input data verification complemented with preliminary processing is developed. In the new method, the uncertainty boundary for adversarial objects has become distinguishable and quickly computable. The hybrid method makes it possible to detect out-of-distribution (OOD) evasion attacks with a precision of not less than 80%, and SGM, MS, and BA attacks with a precision of 93%.
期刊介绍:
Automatic Control and Computer Sciences is a peer reviewed journal that publishes articles on• Control systems, cyber-physical system, real-time systems, robotics, smart sensors, embedded intelligence • Network information technologies, information security, statistical methods of data processing, distributed artificial intelligence, complex systems modeling, knowledge representation, processing and management • Signal and image processing, machine learning, machine perception, computer vision
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
