Attackability Characterization of Adversarial Evasion Attack on Discrete Data

Yutong Wang, Yufei Han, Hongyan Bao, Yun Shen, Fenglong Ma, Jin Li, Xiangliang Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations

Abstract

Evasion attack on discrete data is a challenging, while practically interesting research topic. It is intrinsically an NP-hard combinatorial optimization problem. Characterizing the conditions guaranteeing the solvability of an evasion attack task thus becomes the key to understand the adversarial threat. Our study is inspired by the weak submodularity theory. We characterize the attackability of a targeted classifier on discrete data in evasion attack by bridging the attackability measurement and the regularity of the targeted classifier. Based on our attackability analysis, we propose a computationally efficient orthogonal matching pursuit-guided attack method for evasion attack on discrete data. It provides provably attack efficiency and performances. Substantial experimental results on real-world datasets validate the proposed attackability conditions and the effectiveness of the proposed attack method.
Original languageEnglish (US)
Title of host publicationProceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining
PublisherACM
ISBN (Print)9781450379984
DOIs
StatePublished - Aug 20 2020

Bibliographical note

KAUST Repository Item: Exported on 2020-10-01
Acknowledged KAUST grant number(s): FCC/1/1976-19-01
Acknowledgements: Our research in this publication was supported by funding from King Abdullah University of Science and Technology (KAUST), under award number FCC/1/1976-19-01 and KAUST AI Initiative, and NSFC No. 61828302.

Fingerprint

Dive into the research topics of 'Attackability Characterization of Adversarial Evasion Attack on Discrete Data'. Together they form a unique fingerprint.

Cite this