Vulnerability of classifiers to evolutionary generated adversarial examples

0485639 - ÚI 2021 RIV GB eng J - Článek v odborném periodiku
Vidnerová, Petra - Neruda, Roman
Vulnerability of classifiers to evolutionary generated adversarial examples.
Neural Networks. Roč. 127, July (2020), s. 168-181. ISSN 0893-6080. E-ISSN 1879-2782
Grant CEP: GA ČR(CZ) GA18-23827S
Institucionální podpora: RVO:67985807
Klíčová slova: supervised learning * neural networks * kernel methods * genetic algorithms * adversarial examples
Obor OECD: Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Impakt faktor: 8.050, rok: 2020
Způsob publikování: Omezený přístup
http://dx.doi.org/10.1016/j.neunet.2020.04.015

This paper deals with the vulnerability of machine learning models to adversarial examples and its implication for robustness and generalization properties. We propose an evolutionary algorithm that can generate adversarial examples for any machine learning model in the black-box attack scenario. This way, we can find adversarial examples without access to model’s parameters, only by querying the model at hand. We have tested a range of machine learning models including deep and shallow neural networks. Our experiments have shown that the vulnerability to adversarial examples is not only the problem of deep networks, but it spreads through various machine learning architectures. Rather, it depends on the type of computational units. Local units, such as Gaussian kernels, are less vulnerable to adversarial examples.
Trvalý link: http://hdl.handle.net/11104/0280599