Quality Criteria and Method of Synthesis for Adversarial Attack-Resistant Classifiers
The actual problem of adversarial attacks on classifiers, mainly implemented using deep neural networks, is considered. This problem is analyzed with a generalization to the case of any classifiers synthesized by machine learning methods. The imperfection of generally accepted criteria for assessing...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-06-01
|
| Series: | Machine Learning and Knowledge Extraction |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2504-4990/4/2/24 |
| _version_ | 1797485038787362816 |
|---|---|
| author | Anastasia Gurina Vladimir Eliseev |
| author_facet | Anastasia Gurina Vladimir Eliseev |
| author_sort | Anastasia Gurina |
| collection | DOAJ |
| description | The actual problem of adversarial attacks on classifiers, mainly implemented using deep neural networks, is considered. This problem is analyzed with a generalization to the case of any classifiers synthesized by machine learning methods. The imperfection of generally accepted criteria for assessing the quality of classifiers, including those used to confirm the effectiveness of protection measures against adversarial attacks, is noted. The reason for the appearance of adversarial examples and other errors of classifiers based on machine learning is investigated. A method for modeling adversarial attacks with a demonstration of the main effects observed during the attack is proposed. It is noted that it is necessary to develop quality criteria for classifiers in terms of potential susceptibility to adversarial attacks. To assess resistance to adversarial attacks, it is proposed to use the multidimensional EDCAP criterion (Excess, Deficit, Coating, Approx, Pref). We also propose a method for synthesizing a new EnAE (Ensemble of Auto-Encoders) multiclass classifier based on an ensemble of quality-controlled one-class classifiers according to EDCAP criteria. The EnAE classification algorithm implements a hard voting approach and can detect anomalous inputs. The proposed criterion, synthesis method and classifier are tested on several data sets with a medium dimension of the feature space. |
| first_indexed | 2024-03-09T23:14:05Z |
| format | Article |
| id | doaj.art-cea7fa65a39f4f57abba4aa1ceeaa5f2 |
| institution | Directory Open Access Journal |
| issn | 2504-4990 |
| language | English |
| last_indexed | 2024-03-09T23:14:05Z |
| publishDate | 2022-06-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Machine Learning and Knowledge Extraction |
| spelling | doaj.art-cea7fa65a39f4f57abba4aa1ceeaa5f22023-11-23T17:40:29ZengMDPI AGMachine Learning and Knowledge Extraction2504-49902022-06-014251954110.3390/make4020024Quality Criteria and Method of Synthesis for Adversarial Attack-Resistant ClassifiersAnastasia Gurina0Vladimir Eliseev1JSC InfoTeCS, Otradnaya 2B building 1, Moscow 127273, RussiaJSC InfoTeCS, Otradnaya 2B building 1, Moscow 127273, RussiaThe actual problem of adversarial attacks on classifiers, mainly implemented using deep neural networks, is considered. This problem is analyzed with a generalization to the case of any classifiers synthesized by machine learning methods. The imperfection of generally accepted criteria for assessing the quality of classifiers, including those used to confirm the effectiveness of protection measures against adversarial attacks, is noted. The reason for the appearance of adversarial examples and other errors of classifiers based on machine learning is investigated. A method for modeling adversarial attacks with a demonstration of the main effects observed during the attack is proposed. It is noted that it is necessary to develop quality criteria for classifiers in terms of potential susceptibility to adversarial attacks. To assess resistance to adversarial attacks, it is proposed to use the multidimensional EDCAP criterion (Excess, Deficit, Coating, Approx, Pref). We also propose a method for synthesizing a new EnAE (Ensemble of Auto-Encoders) multiclass classifier based on an ensemble of quality-controlled one-class classifiers according to EDCAP criteria. The EnAE classification algorithm implements a hard voting approach and can detect anomalous inputs. The proposed criterion, synthesis method and classifier are tested on several data sets with a medium dimension of the feature space.https://www.mdpi.com/2504-4990/4/2/24adversarial attack modelingadversarial examplesclassification quality criteriamulticlass classificationmultidimensional feature spacemachine learning |
| spellingShingle | Anastasia Gurina Vladimir Eliseev Quality Criteria and Method of Synthesis for Adversarial Attack-Resistant Classifiers Machine Learning and Knowledge Extraction adversarial attack modeling adversarial examples classification quality criteria multiclass classification multidimensional feature space machine learning |
| title | Quality Criteria and Method of Synthesis for Adversarial Attack-Resistant Classifiers |
| title_full | Quality Criteria and Method of Synthesis for Adversarial Attack-Resistant Classifiers |
| title_fullStr | Quality Criteria and Method of Synthesis for Adversarial Attack-Resistant Classifiers |
| title_full_unstemmed | Quality Criteria and Method of Synthesis for Adversarial Attack-Resistant Classifiers |
| title_short | Quality Criteria and Method of Synthesis for Adversarial Attack-Resistant Classifiers |
| title_sort | quality criteria and method of synthesis for adversarial attack resistant classifiers |
| topic | adversarial attack modeling adversarial examples classification quality criteria multiclass classification multidimensional feature space machine learning |
| url | https://www.mdpi.com/2504-4990/4/2/24 |
| work_keys_str_mv | AT anastasiagurina qualitycriteriaandmethodofsynthesisforadversarialattackresistantclassifiers AT vladimireliseev qualitycriteriaandmethodofsynthesisforadversarialattackresistantclassifiers |