Attackability Characterization of Adversarial Evasion Attack on Discrete Data

Yutong Wang; Yufei Han; Hongyan Bao; Yun Shen; Fenglong Ma; Jin Li; Xiangliang Zhang

doi:10.1145/3394486.3403194

Attackability Characterization of Adversarial Evasion Attack on Discrete Data

Yutong Wang, Yufei Han, Hongyan Bao, Yun Shen, Fenglong Ma, Jin Li, Xiangliang Zhang

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Scopus citations

Abstract

Evasion attack on discrete data is a challenging, while practically interesting research topic. It is intrinsically an NP-hard combinatorial optimization problem. Characterizing the conditions guaranteeing the solvability of an evasion attack task thus becomes the key to understand the adversarial threat. Our study is inspired by the weak submodularity theory. We characterize the attackability of a targeted classifier on discrete data in evasion attack by bridging the attackability measurement and the regularity of the targeted classifier. Based on our attackability analysis, we propose a computationally efficient orthogonal matching pursuit-guided attack method for evasion attack on discrete data. It provides provably computational efficiency and attack performances. Substantial experimental results on real-world datasets validate the proposed attackability conditions and the effectiveness of the proposed attack method.

Original language	English (US)
Title of host publication	KDD 2020 - Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining
Publisher	Association for Computing Machinery
Pages	1415-1425
Number of pages	11
ISBN (Electronic)	9781450379984
DOIs	https://doi.org/10.1145/3394486.3403194
State	Published - Aug 23 2020
Event	26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2020 - Virtual, Online, United States Duration: Aug 23 2020 → Aug 27 2020

Publication series

Name	Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

Conference

Conference	26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2020
Country/Territory	United States
City	Virtual, Online
Period	8/23/20 → 8/27/20

All Science Journal Classification (ASJC) codes

Software
Information Systems

Access to Document

10.1145/3394486.3403194

Cite this

Wang, Y., Han, Y., Bao, H., Shen, Y., Ma, F., Li, J., & Zhang, X. (2020). Attackability Characterization of Adversarial Evasion Attack on Discrete Data. In KDD 2020 - Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (pp. 1415-1425). (Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining). Association for Computing Machinery. https://doi.org/10.1145/3394486.3403194

Wang, Yutong ; Han, Yufei ; Bao, Hongyan et al. / Attackability Characterization of Adversarial Evasion Attack on Discrete Data. KDD 2020 - Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. Association for Computing Machinery, 2020. pp. 1415-1425 (Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining).

@inproceedings{9d309cfdca004283b1c62cf032943ba3,

title = "Attackability Characterization of Adversarial Evasion Attack on Discrete Data",

abstract = "Evasion attack on discrete data is a challenging, while practically interesting research topic. It is intrinsically an NP-hard combinatorial optimization problem. Characterizing the conditions guaranteeing the solvability of an evasion attack task thus becomes the key to understand the adversarial threat. Our study is inspired by the weak submodularity theory. We characterize the attackability of a targeted classifier on discrete data in evasion attack by bridging the attackability measurement and the regularity of the targeted classifier. Based on our attackability analysis, we propose a computationally efficient orthogonal matching pursuit-guided attack method for evasion attack on discrete data. It provides provably computational efficiency and attack performances. Substantial experimental results on real-world datasets validate the proposed attackability conditions and the effectiveness of the proposed attack method.",

author = "Yutong Wang and Yufei Han and Hongyan Bao and Yun Shen and Fenglong Ma and Jin Li and Xiangliang Zhang",

note = "Funding Information: Our research in this publication was supported by funding from King Abdullah University of Science and Technology (KAUST), under award number FCC/1/1976-19-01 and KAUST AI Initiative, and NSFC No. 61828302. Publisher Copyright: {\textcopyright} 2020 ACM.; 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2020 ; Conference date: 23-08-2020 Through 27-08-2020",

year = "2020",

month = aug,

day = "23",

doi = "10.1145/3394486.3403194",

language = "English (US)",

series = "Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining",

publisher = "Association for Computing Machinery",

pages = "1415--1425",

booktitle = "KDD 2020 - Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining",

}

Wang, Y, Han, Y, Bao, H, Shen, Y, Ma, F, Li, J & Zhang, X 2020, Attackability Characterization of Adversarial Evasion Attack on Discrete Data. in KDD 2020 - Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Association for Computing Machinery, pp. 1415-1425, 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2020, Virtual, Online, United States, 8/23/20. https://doi.org/10.1145/3394486.3403194

Attackability Characterization of Adversarial Evasion Attack on Discrete Data. / Wang, Yutong; Han, Yufei; Bao, Hongyan et al.
KDD 2020 - Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. Association for Computing Machinery, 2020. p. 1415-1425 (Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Attackability Characterization of Adversarial Evasion Attack on Discrete Data

AU - Wang, Yutong

AU - Han, Yufei

AU - Bao, Hongyan

AU - Shen, Yun

AU - Ma, Fenglong

AU - Li, Jin

AU - Zhang, Xiangliang

N1 - Funding Information: Our research in this publication was supported by funding from King Abdullah University of Science and Technology (KAUST), under award number FCC/1/1976-19-01 and KAUST AI Initiative, and NSFC No. 61828302. Publisher Copyright: © 2020 ACM.

PY - 2020/8/23

Y1 - 2020/8/23

N2 - Evasion attack on discrete data is a challenging, while practically interesting research topic. It is intrinsically an NP-hard combinatorial optimization problem. Characterizing the conditions guaranteeing the solvability of an evasion attack task thus becomes the key to understand the adversarial threat. Our study is inspired by the weak submodularity theory. We characterize the attackability of a targeted classifier on discrete data in evasion attack by bridging the attackability measurement and the regularity of the targeted classifier. Based on our attackability analysis, we propose a computationally efficient orthogonal matching pursuit-guided attack method for evasion attack on discrete data. It provides provably computational efficiency and attack performances. Substantial experimental results on real-world datasets validate the proposed attackability conditions and the effectiveness of the proposed attack method.

AB - Evasion attack on discrete data is a challenging, while practically interesting research topic. It is intrinsically an NP-hard combinatorial optimization problem. Characterizing the conditions guaranteeing the solvability of an evasion attack task thus becomes the key to understand the adversarial threat. Our study is inspired by the weak submodularity theory. We characterize the attackability of a targeted classifier on discrete data in evasion attack by bridging the attackability measurement and the regularity of the targeted classifier. Based on our attackability analysis, we propose a computationally efficient orthogonal matching pursuit-guided attack method for evasion attack on discrete data. It provides provably computational efficiency and attack performances. Substantial experimental results on real-world datasets validate the proposed attackability conditions and the effectiveness of the proposed attack method.

UR - http://www.scopus.com/inward/record.url?scp=85090408948&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85090408948&partnerID=8YFLogxK

U2 - 10.1145/3394486.3403194

DO - 10.1145/3394486.3403194

M3 - Conference contribution

AN - SCOPUS:85090408948

T3 - Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

SP - 1415

EP - 1425

BT - KDD 2020 - Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

PB - Association for Computing Machinery

T2 - 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2020

Y2 - 23 August 2020 through 27 August 2020

ER -

Wang Y, Han Y, Bao H, Shen Y, Ma F, Li J et al. Attackability Characterization of Adversarial Evasion Attack on Discrete Data. In KDD 2020 - Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. Association for Computing Machinery. 2020. p. 1415-1425. (Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining). doi: 10.1145/3394486.3403194

Attackability Characterization of Adversarial Evasion Attack on Discrete Data

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this