A black-box adversarial attack for poisoning clustering
Authors
Abstract
Clustering algorithms play a fundamental role as tools in decision-making and sensible automation processes. Due to the widespread use of these applications, a robustness analysis of this family of algorithms against adversarial noise has become imperative. To the best of our knowledge, however, only a few works have currently addressed this problem. In an attempt to fill this gap, in this work, we propose a black-box adversarial attack for crafting adversarial samples to test the robustness of clustering algorithms. We formulate the problem as a constrained minimization program, general in its structure and customizable by the attacker according to her capability constraints. We do not assume any information about the internal structure of the victim clustering algorithm, and we allow the attacker to query it as a service only. In the absence of any derivative information, we perform the optimization with a custom approach inspired by the Abstract Genetic Algorithm (AGA). In the experimental part, we demonstrate the sensibility of different single and ensemble clustering algorithms against our crafted adversarial samples on different scenarios. Furthermore, we perform a comparison of our algorithm with a state-of-the-art approach, showing that we are able to reach or even outperform its performance. Finally, to highlight the general nature of the generated noise, we show that our attacks are transferable even against supervised algorithms such as SVMs, random forests and neural networks.
Similar resources
Query-Efficient Black-box Adversarial Examples
Current neural network-based image classifiers are susceptible to adversarial examples, even in the black-box setting, where the attacker is limited to query access without access to gradients. Previous methods — substitute networks and coordinate-based finite-difference methods — are either unreliable or query-inefficient, making these methods impractical for certain problems. We introduce a n...
Simple Black-Box Adversarial Perturbations for Deep Networks
Deep neural networks are powerful and popular learning models that achieve state-of-the-art pattern recognition performance on many computer vision, speech, and language processing tasks. However, these networks have also been shown susceptible to carefully crafted adversarial perturbations which force misclassification of the inputs. Adversarial examples enable adversaries to subvert the expec...
Blocking Transferability of Adversarial Examples in Black-Box Learning Systems
Advances in Machine Learning (ML) have led to its adoption as an integral component in many applications, including banking, medical diagnosis, and driverless cars. To further broaden the use of ML models, cloud-based services offered by Microsoft, Amazon, Google, and others have developed ML-as-a-service tools as black-box systems. However, ML classifiers are vulnerable to adversarial examples...
Delving into Transferable Adversarial Examples and Black-box Attacks
An intriguing property of deep neural networks is the existence of adversarial examples, which can transfer among different architectures. These transferable adversarial examples may severely hinder deep neural network-based applications. Previous works mostly study the transferability using small scale datasets. In this work, we are the first to conduct an extensive study of the transferabilit...
HotFlip: White-Box Adversarial Examples for NLP
Adversarial examples expose vulnerabilities of machine learning models. We propose an efficient method to generate white-box adversarial examples that trick character-level and word-level neural models. Our method, HotFlip, relies on an atomic flip operation, which swaps one token for another, based on the gradients of the one-hot input vectors. In experiments on text classification and machine ...
Journal
Journal title: Pattern Recognition
Year: 2022
ISSN: ['1873-5142', '0031-3203']
DOI: https://doi.org/10.1016/j.patcog.2021.108306