On the Robustness of Domain Constraints
- URL: http://arxiv.org/abs/2105.08619v1
- Date: Tue, 18 May 2021 15:49:55 GMT
- Title: On the Robustness of Domain Constraints
- Authors: Ryan Sheatsley, Blaine Hoak, Eric Pauley, Yohan Beugin, Michael J. Weisman and Patrick McDaniel
- Abstract summary: It is unclear if adversarial examples represent realistic inputs in the modeled domains.
In this paper, we explore how domain constraints limit adversarial capabilities.
We show how the learned constraints can be integrated into the adversarial crafting process.
- Score: 0.4194295877935867
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Machine learning is vulnerable to adversarial examples, inputs designed to cause models to perform poorly. However, it is unclear if adversarial examples represent realistic inputs in the modeled domains. Diverse domains such as networks and phishing have domain constraints: complex relationships between features that an adversary must satisfy for an attack to be realized (in addition to any adversary-specific goals). In this paper, we explore how domain constraints limit adversarial capabilities and how adversaries can adapt their strategies to create realistic (constraint-compliant) examples. To this end, we develop techniques to learn domain constraints from data, and show how the learned constraints can be integrated into the adversarial crafting process. We evaluate the efficacy of our approach on network intrusion and phishing datasets and find: (1) up to 82% of adversarial examples produced by state-of-the-art crafting algorithms violate domain constraints, and (2) domain constraints are robust to adversarial examples; enforcing constraints yields an increase in model accuracy of up to 34%. We observe not only that adversaries must alter inputs to satisfy domain constraints, but also that these constraints make the generation of valid adversarial examples far more challenging.
Related papers
- Enhancing Adversarial Robustness via Uncertainty-Aware Distributional Adversarial Training [43.766504246864045] (2024-11-05)
  We propose a novel uncertainty-aware distributional adversarial training method.
  Our approach achieves state-of-the-art adversarial robustness and maintains natural performance.
- FullCert: Deterministic End-to-End Certification for Training and Inference of Neural Networks [62.897993591443594] (2024-06-17)
  FullCert is the first end-to-end certifier with sound, deterministic bounds.
  We experimentally demonstrate FullCert's feasibility on two datasets.
- A Survey on Transferability of Adversarial Examples across Deep Neural Networks [53.04734042366312] (2023-10-26)
  Adversarial examples can manipulate machine learning models into making erroneous predictions.
  The transferability of adversarial examples enables black-box attacks which circumvent the need for detailed knowledge of the target model.
  This survey explores the landscape of the adversarial transferability of adversarial examples.
- On Regularization and Inference with Label Constraints [62.60903248392479] (2023-07-08)
  We compare two strategies for encoding label constraints in a machine learning pipeline: regularization with constraints and constrained inference.
  For regularization, we show that it narrows the generalization gap by precluding models that are inconsistent with the constraints.
  For constrained inference, we show that it reduces the population risk by correcting a model's violation, and hence turns the violation into an advantage.
- Fairness Increases Adversarial Vulnerability [50.90773979394264] (2022-11-21)
  This paper shows the existence of a dichotomy between fairness and robustness, and analyzes when achieving fairness decreases the model's robustness to adversarial samples.
  Experiments on non-linear models and different architectures validate the theoretical findings in multiple vision domains.
  The paper proposes a simple, yet effective, solution to construct models achieving good tradeoffs between fairness and robustness.
- Latent Boundary-guided Adversarial Training [61.43040235982727] (2022-06-08)
  Adversarial training is proved to be the most effective strategy that injects adversarial examples into model training.
  We propose a novel adversarial training framework called LAtent bounDary-guided aDvErsarial tRaining.
- A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space [13.096022606256973] (2021-12-02)
  We propose a unified framework to generate feasible adversarial examples that satisfy given domain constraints.
  Our framework forms the starting point for research on constrained adversarial attacks and provides relevant baselines and datasets that research can exploit.
- Counterfactual Explanations as Interventions in Latent Space [62.997667081978825] (2021-06-14)
  Counterfactual explanations aim to provide end users with a set of features that need to be changed in order to achieve a desired outcome.
  Current approaches rarely take into account the feasibility of the actions needed to achieve the proposed explanations.
  We present Counterfactual Explanations as Interventions in Latent Space (CEILS), a methodology to generate counterfactual explanations.
- Adversarial Robustness with Non-uniform Perturbations [3.804240190982695] (2021-02-24)
  Prior work mainly focuses on crafting adversarial examples with small uniform norm-bounded perturbations across features to maintain the requirement of imperceptibility.
  Our approach can be adapted to other domains where non-uniform perturbations more accurately represent realistic adversarial examples.
- Universal Adversarial Perturbations for Malware [15.748648955898528] (2021-02-12)
  Universal Adversarial Perturbations (UAPs) identify noisy patterns that generalize across the input space.
  We explore the challenges and strengths of UAPs in the context of malware classification.
  We propose adversarial training-based mitigations using knowledge derived from the problem-space transformations.
- Adversarial Examples in Constrained Domains [29.137629314003423] (2020-11-02)
  We investigate whether constrained domains are less vulnerable than unconstrained domains to adversarial example generation algorithms.
  Our approaches generate misclassification rates in constrained domains that are comparable to those of unconstrained domains.
  Our investigation shows that the narrow attack surface exposed by constrained domains is still sufficiently large to craft successful adversarial examples.
This list is automatically generated from the titles and abstracts of the papers in this site.