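Authors: HUANG Qimeng; WU Miaomiao; LI Yun[1,2] (Nanjing University of Posts and Telecommunications, Nanjing 210023, China; Jiangsu Key Laboratory for Big Data Security and Intelligent Processing, Nanjing 210023, China)
Affiliations: [1] Nanjing University of Posts and Telecommunications, Nanjing 210023, Jiangsu, China; [2] Jiangsu Key Laboratory for Big Data Security and Intelligent Processing, Nanjing 210023, Jiangsu, China
Source: Telecommunications Science, 2023, No. 7, pp. 46-58 (13 pages)
Funding: National Natural Science Foundation of China (No. 61772284).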
Abstract: With the rapid development and widespread application of machine learning technology, its security has attracted increasing attention, leading to a growing interest in adversarial machine learning. In adversarial scenarios, machine learning techniques are threatened by attacks that manipulate a small number of samples to induce misclassification, resulting in serious consequences in various domains such as spam detection, traffic signal recognition, and network intrusion detection. An evaluation criterion for filter-based adversarial feature selection is proposed, based on the minimum redundancy and maximum relevance (mRMR) method, while considering security metrics against evasion attacks. Additionally, a robust adversarial feature selection algorithm named SDPOSS is introduced, based on the decomposition-based Pareto optimization for subset selection (DPOSS) algorithm. SDPOSS does not depend on subsequent models and effectively handles large-scale high-dimensional feature spaces. Experimental results demonstrate that as the number of decompositions increases, the runtime of SDPOSS decreases linearly, while achieving excellent classification performance. Moreover, SDPOSS exhibits strong robustness against evasion attacks, providing new insights for adversarial machine learning.
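Keywords: adversarial feature selection; evasion attack; mRMR; security evaluation criterion; Pareto dominance
Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]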