Adversarial Attack on Machine Learning Models
V. Sahaya Sakila1, Sandeep M2, Praveen Hari Krishna N3
1V. Sahaya Sakila, Assistant Professor, Department of Computer Science and Engineering, SRM Institute of Science and Technology, Ramapuram, Chennai (Tamil Nadu), India.
2Sandeep M, Department of Computer Science and Engineering, SRM Institute of Science and Technology, Ramapuram, Chennai (Tamil Nadu), India.
3Praveen Hari Krishna N, Department of Computer Science and Engineering, SRM Institute of Science and Technology, Ramapuram, Chennai (Tamil Nadu), India.
Manuscript received on 08 April 2019 | Revised Manuscript received on 15 April 2019 | Manuscript Published on 26 July 2019 | PP: 431-434 | Volume-8 Issue-6S4 April 2019 | Retrieval Number: F10880486S419/19©BEIESP | DOI: 10.35940/ijitee.F1088.0486S419
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open-access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Machine Learning (ML) models are applied in a variety of tasks such as network intrusion detection or malware classification. Yet, these models are vulnerable to a class of malicious inputs known as adversarial examples: slightly perturbed inputs that the ML model classifies incorrectly. Mitigating such adversarial inputs remains an open problem. As a step towards understanding adversarial examples, we show that they are not drawn from the same distribution as the original data and can therefore be detected using statistical tests. Building on this observation, we introduce a complementary approach for identifying specific inputs that are adversarial: we augment our ML model with an additional output class, to which the model is trained to assign all adversarial inputs.
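The augmentation described above can be illustrated with a minimal sketch: a K-class classifier is given a (K+1)-th output reserved for adversarial inputs, and during training, perturbed copies of each clean batch are labelled with that extra class. The model architecture, the FGSM attack used to generate perturbations, and all hyperparameters below are illustrative assumptions, not the paper's exact setup.

```python
# Sketch (assumptions): a (K+1)-class classifier where class K is "adversarial",
# trained on clean batches plus FGSM-perturbed copies routed to the extra class.
import torch
import torch.nn as nn
import torch.nn.functional as F

K = 10      # number of legitimate classes (assumption)
EPS = 0.1   # FGSM perturbation budget (assumption)

model = nn.Sequential(       # toy classifier with K+1 outputs
    nn.Flatten(),
    nn.Linear(28 * 28, 128),
    nn.ReLU(),
    nn.Linear(128, K + 1),   # extra logit reserved for "adversarial"
)
opt = torch.optim.Adam(model.parameters(), lr=1e-3)

def fgsm(x, y):
    """One-step FGSM perturbation of a clean batch (illustrative attack choice)."""
    x = x.clone().requires_grad_(True)
    loss = F.cross_entropy(model(x), y)
    grad, = torch.autograd.grad(loss, x)
    return (x + EPS * grad.sign()).clamp(0, 1).detach()

def train_step(x_clean, y_clean):
    x_adv = fgsm(x_clean, y_clean)
    y_adv = torch.full_like(y_clean, K)   # all adversarial inputs -> extra class K
    x = torch.cat([x_clean, x_adv])
    y = torch.cat([y_clean, y_adv])
    opt.zero_grad()
    loss = F.cross_entropy(model(x), y)
    loss.backward()
    opt.step()
    return loss.item()

# Usage with a dummy batch standing in for real data:
x_batch = torch.rand(32, 1, 28, 28)
y_batch = torch.randint(0, K, (32,))
print(train_step(x_batch, y_batch))
```

At test time, inputs whose highest-scoring logit is the extra class K are flagged as adversarial rather than being forced into one of the legitimate classes.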
Keywords: Adversarial Attacks, Generative Adversarial Network, Robust Classification.
Scope of the Article: Classification