MISLEAD: Manipulating Importance of Selected features for Learning Epsilon in Evasion Attack Deception

Vidit Khazanchi, Pavan Kulkarni, Yuvaraj Govindarajulu, Manojkumar Parmar
2024-05-02
Abstract: Emerging vulnerabilities in machine learning (ML) models due to adversarial attacks raise concerns about their reliability. Specifically, evasion attacks manipulate models by introducing precise perturbations to input data, causing erroneous predictions. To address this, we propose a methodology combining SHapley Additive exPlanations (SHAP) for feature importance analysis with an innovative Optimal Epsilon technique for conducting evasion attacks. Our approach begins with SHAP-based analysis to understand model vulnerabilities, crucial for devising targeted evasion strategies. The Optimal Epsilon technique, employing a Binary Search algorithm, efficiently determines the minimum epsilon needed for successful evasion. Evaluation across diverse machine learning architectures demonstrates the technique's precision in generating adversarial samples, underscoring its efficacy in manipulating model outcomes. This study emphasizes the critical importance of continuous assessment and monitoring to identify and mitigate potential security risks in machine learning systems.
Machine Learning, Cryptography and Security
### What problem does this paper attempt to solve?

This paper addresses the vulnerability of machine learning (ML) models to evasion attacks. Evasion attacks introduce precise perturbations in the input data, causing the model to make incorrect predictions. To address this challenge, the authors propose a method that combines SHapley Additive exPlanations (SHAP) feature importance analysis with an innovative Optimal Epsilon technique.

#### Main problems:

1. **Vulnerability of machine learning models**: As machine learning models are widely deployed, their vulnerability to adversarial attacks (especially evasion attacks) has gradually emerged. These attacks make the model produce incorrect predictions through tiny perturbations in the input data, which may lead to serious consequences.
2. **Effectiveness and stealthiness of evasion attacks**: Existing evasion attack methods usually require large perturbations to deceive the model, which makes the attacks easy to detect. How to achieve an effective evasion attack with the minimum perturbation has therefore become a key issue.

#### Solutions:

- **SHAP feature importance analysis**: Use SHAP values to analyze the importance of features and so understand the vulnerability of the model. This helps to develop targeted evasion strategies.
- **Optimal Epsilon technique**: Determine the minimum epsilon value required for a successful evasion attack using a binary search algorithm. Epsilon represents the magnitude of the perturbation, and the minimum epsilon means that the model can be deceived without causing obvious changes to the input.

#### Experimental verification:

- The paper evaluates the effectiveness of this method across multiple machine learning architectures and datasets, shows its precision in generating adversarial samples, and emphasizes the importance of continuous evaluation and monitoring to identify and mitigate potential security risks in machine learning systems.

### Summary:

By combining SHAP feature importance analysis and the Optimal Epsilon technique, this paper provides a systematic method to evaluate and utilize the vulnerability of machine learning models, thereby achieving efficient evasion attacks. This method not only improves the success rate of attacks but also ensures their stealthiness, providing a new perspective for understanding and enhancing the security of machine learning systems.
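The binary search for a minimum epsilon described above can also be read as a robustness measurement: the smallest perturbation that changes a prediction is the margin a model owner would monitor. The following is an added illustration, not the paper's code: the linear classifier, its weights, the background means and the helper names are all constructed, and the closed-form Shapley values of a linear model stand in for a SHAP library.

```python
# Added illustration on a constructed linear model; not the paper's code or data.
W = [2.0, -1.0, 0.5, 0.1]      # constructed weights
B = -0.5                       # constructed bias
MEAN = [0.0, 0.0, 0.0, 0.0]    # assumed background (training mean) per feature

def score(x):
    return sum(w * v for w, v in zip(W, x)) + B

def predict(x):
    return 1 if score(x) >= 0 else 0

def linear_shap(x):
    """Exact Shapley values of a linear model with independent features."""
    return [w * (v - m) for w, v, m in zip(W, x, MEAN)]

def top_features(x, k):
    """Indices of the k features with the largest absolute Shapley value."""
    phi = linear_shap(x)
    return sorted(range(len(x)), key=lambda i: abs(phi[i]), reverse=True)[:k]

def perturb(x, feats, eps):
    """Shift only the selected features by eps, against the current class."""
    step = -1.0 if predict(x) == 1 else 1.0
    out = list(x)
    for i in feats:
        sign = (W[i] > 0) - (W[i] < 0)   # gradient sign of a linear score
        out[i] += step * eps * sign
    return out

def min_flip_epsilon(x, k, eps_max=10.0, tol=1e-6):
    """Binary search for the smallest eps that changes the prediction.

    Returns None when even eps_max leaves the prediction unchanged,
    i.e. the sample is robust within the tested budget.
    """
    feats = top_features(x, k)
    original = predict(x)
    if predict(perturb(x, feats, eps_max)) == original:
        return None
    lo, hi = 0.0, eps_max            # invariant: lo keeps the class, hi flips it
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if predict(perturb(x, feats, mid)) != original:
            hi = mid
        else:
            lo = mid
    return hi

SAMPLE = [1.0, 1.0, 0.5, 1.0]        # constructed input, score 0.85, class 1
```

For a linear model the result can be checked against the closed form |score| / Σ|w_i| over the selected features, which is why restricting the perturbation to fewer features yields a larger minimum epsilon.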