对抗逃避攻击的过滤式对抗特征选择研究

doi:10.11959/j.issn.1000-0801.2023140

电信科学 ›› 2023, Vol. 39 ›› Issue (7): 46-58.doi: 10.11959/j.issn.1000-0801.2023140

对抗逃避攻击的过滤式对抗特征选择研究

黄启萌¹^,², 吴苗苗¹^,², 李云¹^,²

¹ 南京邮电大学，江苏南京 210023
² 江苏省大数据安全与智能处理重点实验室，江苏南京 210023

修回日期:2023-07-02 出版日期:2023-07-20 发布日期:2023-07-01
作者简介:黄启萌（1997- ），男，南京邮电大学硕士生，主要研究方向为模式识别和机器学习
吴苗苗（1992- ），女，毕业于南京邮电大学，主要研究方向为模式识别和机器学习
李云（1977- ），男，博士，南京邮电大学教授、博士生导师，主要研究方向为模式识别、机器学习、特征选择、自然语言处理以及信息安全
基金资助:
国家自然科学基金资助项目(61772284)

Research on filter-based adversarial feature selection against evasion attacks

Qimeng HUANG¹^,², Miaomiao WU¹^,², Yun LI¹^,²

¹ Nanjing University of Posts and Telecommunications, Nanjing 210023, China
² Jiangsu Key Laboratory for Big Data Security and Intelligent Processing, Nanjing 210023, China

Revised:2023-07-02 Online:2023-07-20 Published:2023-07-01
Supported by:
The National Natural Science Foundation of China(61772284)

摘要/Abstract

摘要：

随着机器学习技术的高速发展和大规模应用，其安全性越来越受关注，对抗性机器学习成为研究热点。在对抗性环境中，机器学习技术面临着被攻击的威胁，如垃圾邮件检测、交通信号识别、网络入侵检测等，攻击者通过篡改少量样本诱使分类器做出错误的分类决策，从而产生严重后果。基于最大相关最小冗余（mRMR），并考虑对抗逃避攻击的安全度量，设计了过滤式对抗特征选择的评价准则。此外，还基于分解策略的多目标演化子集选择（DPOSS）算法，提出一种鲁棒性对抗特征选择算法 SDPOSS，其不依赖后续模型，且能有效处理大规模高维特征。实验结果表明，随着分解个数的增加，SDPOSS 的运行时间会线性下降，且获得很好的分类性能。同时，SDPOSS算法在逃避攻击下的鲁棒性较好，为对抗性机器学习提供了新的思路。

关键词: 对抗特征选择, 逃避攻击, mRMR, 安全性评估准则, 帕累托占优

Abstract:

With the rapid development and widespread application of machine learning technology, its security has attracted increasing attention, leading to a growing interest in adversarial machine learning.In adversarial scenarios, machine learning techniques are threatened by attacks that manipulate a small number of samples to induce misclassification, resulting in serious consequences in various domains such as spam detection, traffic signal recognition, and network intrusion detection.An evaluation criterion for filter-based adversarial feature selection was proposed, based on the minimum redundancy and maximum relevance (mRMR) method, while considering security metrics against evasion attacks.Additionally, a robust adversarial feature selection algorithm was introduced, named SDPOSS, which was based on the decomposition-based Pareto optimization for subset selection (DPOSS) algorithm.SDPOSS didn’t depend on subsequent models and effectively handles large-scale high-dimensional feature spaces.Experimental results demonstrate that as the number of decompositions increases, the runtime of SDPOSS decreases linearly, while achieving excellent classification performance.Moreover, SDPOSS exhibits strong robustness against evasion attacks, providing new insights for adversarial machine learning.

Key words: adversarial feature selection, evasion attack, mRMR, security assessment criteria, Pareto dominate

中图分类号:

TP393

黄启萌, 吴苗苗, 李云. 对抗逃避攻击的过滤式对抗特征选择研究[J]. 电信科学, 2023, 39(7): 46-58.

Qimeng HUANG, Miaomiao WU, Yun LI. Research on filter-based adversarial feature selection against evasion attacks[J]. Telecommunications Science, 2023, 39(7): 46-58.

图/表 10

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

参考文献 15

[1]	PUGH K . Attacks on linking revisited:a new look at Bion’s classic work[J]. The International Journal of Psychoanalysis, 2020,101(2): 402-406.
[2]	SHEN M , YU H , ZHU L H ,et al. Effective and robust physical-world attacks on deep learning face recognition systems[J]. IEEE Transactions on Information Forensics and Security, 2021(16): 4063-4077.
[3]	RAO S , VERMA A K , BHATIA T . A review on social spam detection:challenges,open issues,and future directions[J]. Expert Systems With Applications, 2021(186): 115742.
[4]	SALMAN E H , TAHER M A , HAMMADI Y I ,et al. An anomaly intrusion detection for high-density Internet of things wireless communication network based deep learning algorithms[J]. Sensors (Basel,Switzerland), 2022,23(1): 206.
[5]	HANG J , HAN K J , CHEN H ,et al. Ensemble adversarial black-box attacks against deep learning systems[J]. Pattern Recognition, 2020,101:107184.
[6]	SELVAGANAPATHY S G , SADASIVAM S . Defense against adversarial malware using robust classifier:dam-ROC[J]. Sādhanā, 2022,47(4): 209.
[7]	ZHANG F , CHAN P P K , BIGGIO B ,et al. Adversarial feature selection against evasion attacks[J]. IEEE Transactions on Cybernetics, 2016,46(3): 766-777.
[8]	QIAN C , YU Y , ZHOU Z H . Subset selection by Pareto optimization[C]// Proceedings of the 28th International Conference on Neural Information Processing Systems. Cambridge:MIT Press, 2015: 1774-1782.
[9]	钱超, 周志华 . 基于分解策略的多目标演化子集选择算法[J]. 中国科学(信息科学), 2016,46(9): 1276-1287.
	QIAN C , ZHOU Z H . Decomposition-based Pareto optimization for subset selection[J]. Scientia Sinica (Informationis), 2016,46(9): 1276-1287.
[10]	QIAN C , BIAN C , FENG C . Subset selection by Pareto optimization with recombination[J]. Proceedings of the AAAI Conference on Artificial Intelligence, 2020,34(3): 2408-2415.
[11]	WU M M , LI Y . Adversarial mRMR against evasion attacks[C]// Proceedings of 2018 International Joint Conference on Neural Networks (IJCNN). Piscataway:IEEE Press, 2018: 1-6.
[12]	PENG H C , LONG F H , DING C . Feature selection based on mutual information:criteria of max-dependency,max-relevance,and Min-redundancy[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2005,27(8): 1226-1238.
[13]	CORMACK G V . TREC 2007 spam track overview[C]// Proceedings of the 16th Text REtrieval Conference.[S.l.:s.n.], 2007.
[14]	BIGGIO B , PILLAI I , BULò S R ,et al. Is data clustering in adversarial settings secure?[C]// Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security. New York:ACM Press, 2013: 87-98.
[15]	RO?KOVá V GEORGE E I . The spike-and-slab LASSO[J]. Journal of the American Statistical Association, 2018,113(521): 431-444.

对抗逃避攻击的过滤式对抗特征选择研究

Research on filter-based adversarial feature selection against evasion attacks

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 15

相关文章 15

Metrics

推荐阅读 0

[1]	云本胜, 干潇雅, 钱亚冠. 一种基于随机森林和改进卷积神经网络的网络流量分类方法[J]. 电信科学, 2023, 39(7): 80-89.
[2]	周雪峰, 徐强, 谭艳婷, 郎嘉忆, 经航, 赵志强. 基于改进灰色聚类算法的云架构数据中心网络异常流量过滤算法[J]. 电信科学, 2023, 39(7): 90-98.
[3]	郭文磊. 复杂建筑群物联网非均匀分布节点随机负载均衡性优化模型[J]. 电信科学, 2023, 39(7): 139-148.
[4]	祝谷乔, 姜超, 徐煜烨. 超分辨率重建技术及其在智能终端上的应用[J]. 电信科学, 2023, 39(7): 156-165.
[5]	高凯辉, 李丹. 数据中心网络性能保障研究综述[J]. 电信科学, 2023, 39(6): 1-21.
[6]	李彧, 李召召, 吕平, 刘勤让. 全维可重构的多模态网络交换芯片架构设计[J]. 电信科学, 2023, 39(6): 22-32.
[7]	李炯, 胡宇翔, 崔鹏帅, 田乐, 董永吉. 面向多模态网络环境的网络模态增量式部署机制研究[J]. 电信科学, 2023, 39(6): 33-43.
[8]	郭泽华, 朱昊文, 徐同文. 面向分布式机器学习的网络模态创新[J]. 电信科学, 2023, 39(6): 44-51.
[9]	刘爱华, 骆汉光, 温建中, 占治国. 面向多模态网络的隔离转发技术研究[J]. 电信科学, 2023, 39(6): 52-60.
[10]	邹涛, 张慧峰, 高万鑫, 徐琪, 沈丛麒, 朱俊, 潘仲夏, 国兴昌. 面向智能制造的多模态网络应用技术研究[J]. 电信科学, 2023, 39(6): 61-72.
[11]	何耀宇, 张超. 面向无人机应用的低轨卫星通信技术适航分析[J]. 电信科学, 2023, 39(6): 96-104.
[12]	童承权, 周昱昕. 复杂业务场景下的云上数据库选型研究[J]. 电信科学, 2023, 39(Z1): 39-46.
[13]	何肖嵘, 廖江, 李昕与, 辛桢炜, 朱萍. 基于高性能电信云虚拟化平台的试点验证[J]. 电信科学, 2023, 39(Z1): 47-54.
[14]	张剑, 程俊华, 龚菡洁, 李红, 牛凯. 基于云边协同的高可用厨房卫生监控系统[J]. 电信科学, 2023, 39(Z1): 62-70.
[15]	王羽, 罗可人, 何衡, 颜永明. SD-WAN控制平面异地灾备方案研究[J]. 电信科学, 2023, 39(Z1): 79-85.