A Distributed Biased Boundary Attack Method in Black-Box Attack

The adversarial samples threaten the effectiveness of machine learning (ML) models and algorithms in many applications. In particular, black-box attack methods are quite close to actual scenarios. Research on black-box attack methods and the generation of adversarial samples is helpful to discover the defects of machine learning models. It can strengthen the robustness of machine learning algorithms models. Such methods require queries frequently, which are less efficient. This paper has made improvements in the initial generation and the search for the most effective adversarial examples. Besides, it is found that some indicators can be used to detect attacks, which is a new foundation compared with our previous studies. Firstly, the paper proposed an algorithm to generate initial adversarial samples with a smaller L2 norm; secondly, a combination between particle swarm optimization (PSO) and biased boundary adversarial attack (BBA) is proposed. It is the PSO-BBA. Experiments are conducted on the ImageNet. The PSO-BBA is compared with the baseline method. Experimental comparison results certificate that: (1) A distributed framework for adversarial attack methods is proposed; (2) The proposed initial point selection method can reduces query numbers effectively; (3) Compared to the original BBA, the proposed PSO-BBA algorithm accelerates the convergence speed and improves the accuracy of attack accuracy; (4) The improved PSO-BBA algorithm has preferable performance on targeted and non-targeted attacks; (5) The mean structural similarity (MSSIM) can be used as the indicators of adversarial attack.

Download Full-text

CoRg: Commonsense Reasoning Using a Theorem Prover and Machine Learning

10.29007/lt5p ◽

2019 ◽

Cited By ~ 1

Author(s):

Sophie Siebert ◽

Frieder Stolzenburg

Keyword(s):

Machine Learning ◽

Question Answering ◽

Learning Algorithms ◽

Knowledge Bases ◽

Black Box ◽

Machine Learning Algorithms ◽

Theorem Prover ◽

Commonsense Reasoning ◽

Probable Answer ◽

Everyday Task

Commonsense reasoning is an everyday task that is intuitive for humans but hard to implement for computers. It requires large knowledge bases to get the required data from, although this data is still incomplete or even inconsistent. While machine learning algorithms perform rather well on these tasks, the reasoning process remains a black box. To close this gap, our system CoRg aims to build an explainable and well-performing system, which consists of both an explainable deductive derivation process and a machine learning part. We conduct our experiments on the Copa question-answering benchmark using the ontologies WordNet, Adimen-SUMO, and ConceptNet. The knowledge is fed into the theorem prover Hyper and in the end the conducted models will be analyzed using machine learning algorithms, to derive the most probable answer.

Download Full-text

Comparative analysis of multiple classification models to improve PM10 prediction performance

International Journal of Electrical and Computer Engineering (IJECE) ◽

10.11591/ijece.v11i3.pp2500-2507 ◽

2021 ◽

Vol 11 (3) ◽

pp. 2500

Author(s):

Yong-Jin Jung ◽

Kyoung-Woo Cho ◽

Jong-Sung Lee ◽

Chang-Heon Oh

Keyword(s):

Machine Learning ◽

Logistic Regression ◽

Particulate Matter ◽

Prediction Models ◽

Learning Algorithms ◽

Machine Learning Algorithms ◽

Occurrence Rate ◽

Classification Models ◽

Comparison Results ◽

Multiple Classification

With the increasing requirement of high accuracy for particulate matter prediction, various attempts have been made to improve prediction accuracy by applying machine learning algorithms. However, the characteristics of particulate matter and the problem of the occurrence rate by concentration make it difficult to train prediction models, resulting in poor prediction. In order to solve this problem, in this paper, we proposed multiple classification models for predicting particulate matter concentrations required for prediction by dividing them into AQI-based classes. We designed multiple classification models using logistic regression, decision tree, SVM and ensemble among the various machine learning algorithms. The comparison results of the performance of the four classification models through error matrices confirmed the f-score of 0.82 or higher for all the models other than the logistic regression model.

Download Full-text

Suspicion-Free Adversarial Attacks on Clustering Algorithms

Proceedings of the AAAI Conference on Artificial Intelligence ◽

10.1609/aaai.v34i04.5770 ◽

2020 ◽

Vol 34 (04) ◽

pp. 3625-3632

Author(s):

Anshuman Chhabra ◽

Abhishek Roy ◽

Prasant Mohapatra

Keyword(s):

Machine Learning ◽

Supervised Learning ◽

Clustering Algorithms ◽

Black Box ◽

Single Sample ◽

Decision Boundary ◽

Empirical Results ◽

Adversarial Attack ◽

Modern Machine

Clustering algorithms are used in a large number of applications and play an important role in modern machine learning– yet, adversarial attacks on clustering algorithms seem to be broadly overlooked unlike supervised learning. In this paper, we seek to bridge this gap by proposing a black-box adversarial attack for clustering models for linearly separable clusters. Our attack works by perturbing a single sample close to the decision boundary, which leads to the misclustering of multiple unperturbed samples, named spill-over adversarial samples. We theoretically show the existence of such adversarial samples for the K-Means clustering. Our attack is especially strong as (1) we ensure the perturbed sample is not an outlier, hence not detectable, and (2) the exact metric used for clustering is not known to the attacker. We theoretically justify that the attack can indeed be successful without the knowledge of the true metric. We conclude by providing empirical results on a number of datasets, and clustering algorithms. To the best of our knowledge, this is the first work that generates spill-over adversarial samples without the knowledge of the true metric ensuring that the perturbed sample is not an outlier, and theoretically proves the above.

Download Full-text

Real-Time Adversarial Attacks

Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence ◽

10.24963/ijcai.2019/649 ◽

2019 ◽

Cited By ~ 4

Author(s):

Yuan Gong ◽

Boyang Li ◽

Christian Poellabauer ◽

Yiyu Shi

Keyword(s):

Machine Learning ◽

Real Time ◽

Machine Learning Algorithms ◽

Original Sample ◽

Target Model ◽

Data Points ◽

Past Data ◽

Adversarial Attack ◽

Modern Machine ◽

Machine Learning Models

In recent years, many efforts have demonstrated that modern machine learning algorithms are vulnerable to adversarial attacks, where small, but carefully crafted, perturbations on the input can make them fail. While these attack methods are very effective, they only focus on scenarios where the target model takes static input, i.e., an attacker can observe the entire original sample and then add a perturbation at any point of the sample. These attack approaches are not applicable to situations where the target model takes streaming input, i.e., an attacker is only able to observe past data points and add perturbations to the remaining (unobserved) data points of the input. In this paper, we propose a real-time adversarial attack scheme for machine learning models with streaming inputs.

Download Full-text

TLTD: A Testing Framework for Learning-Based IoT Traffic Detection Systems

Sensors ◽

10.3390/s18082630 ◽

2018 ◽

Vol 18 (8) ◽

pp. 2630 ◽

Cited By ~ 4

Author(s):

Xiaolei Liu ◽

Xiaosong Zhang ◽

Nadra Guizani ◽

Jiazhong Lu ◽

Qingxin Zhu ◽

...

Keyword(s):

Machine Learning ◽

Image Data ◽

Black Box ◽

Machine Learning Algorithms ◽

Automated Testing ◽

Security Analysts ◽

Testing Framework ◽

Detection Systems ◽

Traffic Detection ◽

Detection Technologies

With the popularization of IoT (Internet of Things) devices and the continuous development of machine learning algorithms, learning-based IoT malicious traffic detection technologies have gradually matured. However, learning-based IoT traffic detection models are usually very vulnerable to adversarial samples. There is a great need for an automated testing framework to help security analysts to detect errors in learning-based IoT traffic detection systems. At present, most methods for generating adversarial samples require training parameters of known models and are only applicable to image data. To address the challenge, we propose a testing framework for learning-based IoT traffic detection systems, TLTD. By introducing genetic algorithms and some technical improvements, TLTD can generate adversarial samples for IoT traffic detection systems and can perform a black-box test on the systems.

Download Full-text

Clinical applications of machine learning algorithms: beyond the black box

BMJ ◽

10.1136/bmj.l886 ◽

2019 ◽

pp. l886 ◽

Cited By ~ 48

Author(s):

David S Watson ◽

Jenny Krutzinna ◽

Ian N Bruce ◽

Christopher EM Griffiths ◽

Iain B McInnes ◽

...

Keyword(s):

Machine Learning ◽

Learning Algorithms ◽

Black Box ◽

Clinical Applications ◽

Machine Learning Algorithms ◽

Applications Of Machine Learning

Download Full-text

Visual Tactics Toward an Ethical Debugging

Digital Culture & Society ◽

10.14361/dcs-2018-0113 ◽

2018 ◽

Vol 4 (1) ◽

pp. 217-226

Author(s):

Catherine Griffiths

Keyword(s):

Machine Learning ◽

Job Performance ◽

Interaction Design ◽

Design Research ◽

Blind Spot ◽

Black Box ◽

Machine Learning Algorithms ◽

Critical Study ◽

Intelligent Algorithms ◽

Ethical Implications

Abstract To advance design research into a critical study of artificially intelligent algorithms, strategies from the fields of critical code studies and data visualisation are combined to propose a methodology for computational visualisation. By opening the algorithmic black box to think through the meaning created by structure and process, computational visualisation seeks to elucidate the complexity and obfuscation at the heart of artificial intelligence systems. There are rising ethical dilemmas that are a consequence of the use of machine learning algorithms in socially sensitive spaces, such as in determining criminal sentencing, job performance, or access to welfare. This is in part due to the lack of a theoretical framework to understand how and why decisions are made at the algorithmic level. The ethical implications are becoming more severe as such algorithmic decision-making is being given higher authority while there is a simultaneous blind spot in where and how biases arise. Computational visualisation, as a method, explores how contemporary visual design tactics including generative design and interaction design, can intersect with a critical exegesis of algorithms to challenge the black box and obfuscation of machine learning and work toward an ethical debugging of biases in such systems.

Download Full-text

Clinical Applications of Machine Learning Algorithms: Beyond the Black Box

SSRN Electronic Journal ◽

10.2139/ssrn.3352454 ◽

2019 ◽

Cited By ~ 2

Author(s):

David Watson ◽

Jenny Krutzinna ◽

Ian Bruce ◽

Christopher Griffiths ◽

Iain McInnes ◽

...

Keyword(s):

Machine Learning ◽

Learning Algorithms ◽

Black Box ◽

Clinical Applications ◽

Machine Learning Algorithms ◽

Applications Of Machine Learning

Download Full-text

Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain

ACM Computing Surveys ◽

10.1145/3453158 ◽

2021 ◽

Vol 54 (5) ◽

pp. 1-36

Author(s):

Ishai Rosenberg ◽

Asaf Shabtai ◽

Yuval Elovici ◽

Lior Rokach

Keyword(s):

Machine Learning ◽

Cyber Security ◽

Learning Algorithms ◽

Machine Learning Algorithms ◽

Machine Learning Techniques ◽

Future Research ◽

Research Directions ◽

Future Research Directions ◽

Adversarial Attack ◽

The Impact

In recent years, machine learning algorithms, and more specifically deep learning algorithms, have been widely used in many fields, including cyber security. However, machine learning systems are vulnerable to adversarial attacks, and this limits the application of machine learning, especially in non-stationary, adversarial environments, such as the cyber security domain, where actual adversaries (e.g., malware developers) exist. This article comprehensively summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques and illuminates the risks they pose. First, the adversarial attack methods are characterized based on their stage of occurrence, and the attacker’ s goals and capabilities. Then, we categorize the applications of adversarial attack and defense methods in the cyber security domain. Finally, we highlight some characteristics identified in recent research and discuss the impact of recent advancements in other adversarial learning domains on future research directions in the cyber security domain. To the best of our knowledge, this work is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain, map them in a unified taxonomy, and use the taxonomy to highlight future research directions.

Download Full-text

DATA MINING AND MACHINE LEARNING IN ASTRONOMY

International Journal of Modern Physics D ◽

10.1142/s0218271810017160 ◽

2010 ◽

Vol 19 (07) ◽

pp. 1049-1106 ◽

Cited By ~ 129

Author(s):

NICHOLAS M. BALL ◽

ROBERT J. BRUNNER

Keyword(s):

Machine Learning ◽

Data Mining ◽

Black Box ◽

Point Of View ◽

Machine Learning Algorithms ◽

Support Vector ◽

Scientific Advance ◽

Current State ◽

Powerful Approach ◽

The Time Domain

We review the current state of data mining and machine learning in astronomy. Data Mining can have a somewhat mixed connotation from the point of view of a researcher in this field. If used correctly, it can be a powerful approach, holding the potential to fully exploit the exponentially increasing amount of available data, promising great scientific advance. However, if misused, it can be little more than the black box application of complex computing algorithms that may give little physical insight, and provide questionable results. Here, we give an overview of the entire data mining process, from data collection through to the interpretation of results. We cover common machine learning algorithms, such as artificial neural networks and support vector machines, applications from a broad range of astronomy, emphasizing those in which data mining techniques directly contributed to improving science, and important current and future directions, including probability density functions, parallel algorithms, Peta-Scale computing, and the time domain. We conclude that, so long as one carefully selects an appropriate algorithm and is guided by the astronomical problem at hand, data mining can be very much the powerful tool, and not the questionable black box.

Download Full-text