Causative label flip attack detection with data complexity measures

Bibliographic Details
Published in International journal of machine learning and cybernetics Vol. 12; no. 1; pp. 103 - 116
Main Authors Chan, Patrick P. K., He, Zhimin, Hu, Xian, Tsang, Eric C. C., Yeung, Daniel S., Ng, Wing W. Y.
Format Journal Article
Language English
Published Berlin/Heidelberg Springer Berlin Heidelberg 2021
Springer Nature B.V
Summary: A causative attack which manipulates training samples to mislead learning is a common attack scenario. Current countermeasures reduce the influence of the attack to a classifier with the loss of generalization ability. Therefore, the collected samples should be analyzed carefully. Most countermeasures of current causative attack focus on data sanitization and robust classifier design. To the best of our knowledge, there is no work to determine whether a given dataset is contaminated by a causative attack. In this study, we formulate a causative attack detection as a 2-class classification problem in which a sample represents a dataset quantified by data complexity measures, which describe the geometrical characteristics of data. As geometrical natures of a dataset are changed by a causative attack, we believe data complexity measures provide useful information for causative attack detection. Furthermore, a two-step secure classification model is proposed to demonstrate how the proposed causative attack detection improves the robustness of learning. Either a robust or traditional learning method is used according to the existence of causative attack. Experimental results illustrate that data complexity measures separate untainted datasets from attacked ones clearly, and confirm the promising performance of the proposed methods in terms of accuracy and robustness. The results consistently suggest that data complexity measures provide the crucial information to detect causative attack, and are useful to increase the robustness of learning.
ISSN: 1868-8071, 1868-808X
DOI: 10.1007/s13042-020-01159-7