A novel perturbation attack on SVM by greedy algorithm

Yaguan QIAN; Xiaohui GUAN; Shuhui WU; NBensheng YU; Dongxiao REN

Dianxin kexue (Jan 2019)

A novel perturbation attack on SVM by greedy algorithm

Yaguan QIAN,
Xiaohui GUAN,
Shuhui WU,
NBensheng YU,
Dongxiao REN

Affiliations

Yaguan QIAN
Xiaohui GUAN
Shuhui WU
NBensheng YU
Dongxiao REN

Journal volume & issue: Vol. 35
pp. 81 – 89

Abstract

Read online

With the increasing concern of machine learning security issues, an adversarial sample generation method for SVM was proposed. This attack occurred in the testing stage by manipulating with the sample tofool the SVM classification model. Greedy strategy was used to search for salient feature subsets in kernel space and then the perturbation in the kernel space was projected back into the input space to obtain attack samples. This method made the test samples misclassified by less than 7% perturbation. Experiments are carried out on two data sets, and both of them are successful. In the artificial data set, the classification error rate is above 50% under 2% perturbation. In MNIST data set, the classification error rate is close to 100% under 5% perturbation.

machine learning;support vector machine;greedy algorithm;salient feature;adversarial sample

Published in Dianxin kexue

ISSN: 1000-0801 (Print)
Publisher: Beijing Xintong Media Co., Ltd
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/dxkx/EN/1000-0801/home.shtml

About the journal

Abstract

Keywords