Adversarial Simulation Testing Algorithm for SVM Based on Multi-objective Evolutionary Optimization

doi:10.16182/j.issn1004731x.joss.24-0101

Abstract

Abstract:

Machine learning typically mines underlying patterns and rules from data, making it susceptible to phenomena such as overfitting and underfitting, which in turn affects the generalization and robustness of learning models. This paper explores the potential fragility and instability of SVM from the perspective of adversarial simulation testing. The adversarial simulation strategy employed involves selectively contaminating training sample labels to simulate an attack on the SVM classifier, thereby degrading its performance and testing its dependency on training samples. To explore the ceiling of performance degradation of an SVM classifier under the combination attack of different samples, the contradictory objectives of minimum attack cost-maximum attack effectiveness are designed, and a multi-objective optimization model is constructed for SVM simulation tests. This model is fundamentally a typical multi-objective combinatorial optimization problem that can be properly solved using multi-objective evolutionary algorithms to find a set of non-dominated solutions among the objectives, facilitating the investigation of the classifier's stability under the combination attack of different samples. Comparative experimental results on simulated and real datasets show that the proposed method can identify optimal attack sample combination at varying attack levels in a single run, and achieve more severe classification performance degradation, making it more suitable and effective for investigating the stability of classifiers comprehensively.

Key words: adversarial simulation testing, label contamination, SVM, performance degradation, multi-objective optimization, non-dominated solutions

CLC Number:

TP306+.2

Li Feixing, Xing Lining, Zhou Yu. Adversarial Simulation Testing Algorithm for SVM Based on Multi-objective Evolutionary Optimization[J]. Journal of System Simulation, 2024, 36(9): 2016-2031.

Figures/Tables 14

Fig. 1

Fig. 2

Fig. 3

Fig. 4

Fig. 5

Fig. 6

Fig.7

Fig. 8

Fig. 9

Fig.10

Fig. 11

Table 1

Fig. 12

Fig. 13

References 33

1	Biggio Battista, Didaci Luca, Fumera Giorgio, et al. Poisoning Attacks to Compromise Face Templates[C]//2013 International Conference on Biometrics (ICB). Piscataway: IEEE, 2013: 1-7.
2	Rosenfeld E, Winston E, Ravikumar P, et al. Certified Robustness to Label-flipping Attacks via Randomized Smoothing[C]//Proceedings of the 37th International Conference on Machine Learning. Chia Laguna Resort: PMLR, 2020: 8230-8241.
3	Biggio Battista, Fumera Giorgio, Roli Fabio. Pattern Recognition Systems Under Attack: Design Issues and Research Challenges[J]. International Journal of Pattern Recognition and Artificial Intelligence, 2014, 28(7): 1460002.
4	P K Chan Patrick, Luo Fengzhi, Chen Zitong, et al. Transfer Learning Based Countermeasure Against Label Flipping Poisoning Attack[J]. Information Sciences, 2021, 548: 450-460.
5	Zhuo Lü, Cao Hongbo, Zhang Feng, et al. AWFC: Preventing Label Flipping Attacks Towards Federated Learning for Intelligent IoT[J]. The Computer Journal, 2022, 65(11): 2849-2859.
6	Najeeb Moharram Jebreel, Domingo-Ferrer Josep, Sánchez David, et al. LFighter: Defending Against the Label-flipping Attack in Federated Learning[J]. Neural Networks, 2024, 170: 111-126.
7	Fahri Anıl Yerlikaya, Bahtiyar Serif. Data Poisoning Attacks Against Machine Learning Algorithms[J]. Expert Systems with Applications, 2022, 208: 118101.
8	Biggio Battista, Corona Igino, Nelson Blaine, et al. Security Evaluation of Support Vector Machines in Adversarial Environments[M]//Ma Yunqian, Guo Guodong. Support Vector Machines Applications. Cham: Springer International Publishing, 2014: 105-153.
9	Xu Qianqian, Yang Zhiyong, Zhao Yunrui, et al. Rethinking Label Flipping Attack: From Sample Masking to Sample Thresholding[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2023, 45(6): 7668-7685.
10	Konda Reddy Mopuri, Shaj Vaisakh, Venkatesh Babu R. Adversarial Fooling Beyond "Flipping the Label"[C]//2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW). Piscataway: IEEE, 2020: 3374-3382.
11	Zhang Hongpo, Cheng Ning, Zhang Yang, et al. Label Flipping Attacks Against Naive Bayes on Spam Filtering Systems[J]. Applied Intelligence, 2021, 51(7): 4503-4514.
12	Xiao Han, Stibor Thomas, Eckert Claudia. Evasion Attack of Multi-class Linear Classifiers[C]//Proceedings of the 16th Pacific-Asia Conference on Advances in Knowledge Discovery and Data Mining. Berlin: Springer Berlin Heidelberg, 2012: 207-218.
13	Barreno M, Nelson B, Joseph A D, et al. The Security of Machine Learning[J]. Machine Learning, 2010, 81(2): 121-148.
14	Zhou Yan, Kantarcioglu M, Thuraisingham B, et al. Adversarial Support Vector Machine Learning[C]//Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. New York: Association for Computing Machinery, 2012: 1059-1067.
15	Biggio Battista, Nelson Blaine, Laskov Pavel. Poisoning Attacks Against Support Vector Machines[C]//Proceedings of the 29th International Coference on Machine Learning. Madison: Omnipress, 2012: 1467-1474.
16	Biggio Battista, Nelson Blaine, Laskov Pavel. Support Vector Machines Under Adversarial Label Noise[C]//Proceedings of the Asian Conference on Machine Learning. Chia Laguna Resort: PMLR, 2011: 97-112.
17	Xiao Han, Xiao Huang, Eckert Claudia. Adversarial Label Flips Attack on Support Vector Machines[C]//Proceedings of the 20th European Conference on Artificial Intelligence. NLD: IOS Press, 2012: 870-875.
18	Xiao Huang, Biggio Battista, Nelson Blaine, et al. Support Vector Machines Under Adversarial Label Contamination[J]. Neurocomputing, 2015, 160: 53-62.
19	Mei Shike, Zhu Xiaojin. Using Machine Teaching to Identify Optimal Training-set Attacks on Machine Learners[C]//Proceedings of the Twenty-Ninth AAAI Conference on Artificial Intelligence. Palo Alto: AAAI Press, 2015: 2871-2877.
20	Burkard C, Lagesse B. Analysis of Causative Attacks Against SVMs Learning from Data Streams[C]//Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics. New York: Association for Computing Machinery, 2017: 31-36.
21	钱亚冠, 卢红波, 纪守领, 等. 基于粒子群优化的对抗样本生成算法[J]. 电子与信息学报, 2019, 41(7): 1658-1665.
	Qian Yaguan, Lu Hongbo, Ji Shouling, et al. Adversarial Example Generation Based on Particle Swarm Optimization[J]. Journal of Electronics & Information Technology, 2019, 41(7): 1658-1665.
22	Chakraborty Anirban, Alam Manaar, Dey V, et al. A Survey on Adversarial Attacks and Defences[J]. CAAI Transactions on Intelligence Technology, 2021, 6(1): 25-45.
23	Koh P W, Steinhardt J, Liang P. Stronger Data Poisoning Attacks Break Data Sanitization Defenses[J]. Machine Learning, 2022, 111(1): 1-47.
24	Jha R D, Hayase J, Oh S. Label Poisoning Is All You Need[C]//Proceedings of the 37th International Conference on Neural Information Processing Systems. Red Hook: Curran Associates Inc., 2023: 71029-71052.
25	Lingam Vijay, Mohammad Sadegh Akhondzadeh, Bojchevski Aleksandar. Rethinking Label Poisoning for Gnns: Pitfalls and Attacks[C]//ICLR 2024. New York: ICLR, 2024: 1-29.
26	Yao Feng, Du Yonghao, Li Lei, et al. General Modeling and Optimization Technique for Real-world Earth Observation Satellite Scheduling[J]. Frontiers of Engineering Management, 2023, 10(4): 695-709.
27	Wang Yuting, Han Yuyan, Gong Dunwei, et al. A Review of Intelligent Optimization for Group Scheduling Problems in Cellular Manufacturing[J]. Frontiers of Engineering Management, 2023, 10(3): 406-426.
28	He Yongming, Xing Lining, Chen Yingwu, et al. A Generic Markov Decision Process Model and Reinforcement Learning Method for Scheduling Agile Earth Observation Satellites[J]. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2022, 52(3): 1463-1474.
29	Xing Lining, Rohlfshagen P, Chen Yingwu, et al. An Evolutionary Approach to the Multidepot Capacitated Arc Routing Problem[J]. IEEE Transactions on Evolutionary Computation, 2010, 14(3): 356-374.
30	Xing Lining, Rohlfshagen P, Chen Yingwu, et al. A Hybrid Ant Colony Optimization Algorithm for the Extended Capacitated Arc Routing Problem[J]. IEEE Transactions on Systems Man and Cybernetics Part B-Cybernetics, 2011, 41(4): 1110-1123.
31	Wang Xuewu, Hua Yi, Gao Jin, et al. Digital Twin Implementation of Autonomous Planning Arc Welding Robot System[J]. Complex System Modeling and Simulation, 2023, 3(3): 236-251.
32	Zhang Qingfu, Li Hui. MOEA/D: A Multiobjective Evolutionary Algorithm Based on Decomposition[J]. IEEE Transactions on Evolutionary Computation, 2007, 11(6): 712-731.
33	Ni Wayan Surya Wardhani, Masithoh Yessi Rochayani, Iriany Atiek, et al. Cross-validation Metrics for Evaluating Classification Performance on Imbalanced Data[C]//2019 International Conference on Computer, Control, Informatics and its Applications (IC3INA). Piscataway: IEEE, 2019: 14-18.

模式	核函数	原模型	ALFA	ALFA-CR	ALFA-Tilt	ALFA-CC	NLFA	FLFA	RLFA	ALFA-MO
线性可分模式	线性核	0.987 8	0.950 1	0.928 8	0.891 6	0.928 0	0.975 0	0.915 1	0.955 5	0.822 3
	径向基核	0.976 1	0.890 5	0.952 4	0.838 5	0.942 1	0.952 1	0.966 7	0.974 4	0.820 2
	多项式核	0.979 5	0.788 2	0.934 7	0.847 8	0.902 2	0.974 8	0.808 9	0.937 9	0.737 8
抛物可分模式	线性核	0.760 1	0.656 7	0.762 1	0.656 3	0.761 4	0.760 6	0.755 7	0.760 8	0.640 3
	径向基核	0.972 9	0.899 4	0.953 3	0.924 6	0.924 6	0.956 9	0.912 2	0.965 1	0.823 3
	多项式核	0.871 3	0.618 5	0.820 4	0.762 7	0.810 2	0.871 7	0.616 5	0.835 5	0.603 0
环形可分模式	径向基核	0.956 7	0.932 3	0.952 4	0.911 9	0.887 1	0.943 9	0.939 9	0.948 0	0.785 4
环形可分模式	多项式核	0.763 8	0.397 2	0.589 2	0.469 4	0.727 6	0.745 1	0.397 2	0.721 1	0.357 1

[1]	Zhang Wenqiang, Wang Xiaomeng, Zhang Xiaoxiao, Zhang Guohui. Hybrid Evolutionary Multi-objective Optimization Algorithm for Vehicle Routing Problem with Simultaneous Delivery and Pickup [J]. Journal of System Simulation, 2024, 36(8): 1914-1928.
[2]	Jiang Quan, Wei Jingxuan. Real-time Scheduling Method for Dynamic Flexible Job Shop Scheduling [J]. Journal of System Simulation, 2024, 36(7): 1609-1620.
[3]	Deng Mingjun, Hu Xinxia, Li Xiang, Xu Liping. Arterial Coordination Optimization Method Based on Vehicle Speed Guidance and Inductive Control [J]. Journal of System Simulation, 2024, 36(6): 1309-1321.
[4]	Wen Tingxin, Guan Tingyu. Hybrid Flow Shop Scheduling with Limited Buffers Considering Energy Consumption and Transportation [J]. Journal of System Simulation, 2024, 36(6): 1344-1358.
[5]	Zhao Jia, Lai Zhizhen, Wu Runxiu, Cui Zhihua, Wang Hui. Hierarchical Guided Enhanced Multi-objective Firefly Algorithm [J]. Journal of System Simulation, 2024, 36(5): 1152-1164.
[6]	Wang Yubo, Hu Chengyu, Gong Wenyin. Handling Constrained Multi-objective Optimization Problems Based on Relationship Between Pareto Fronts [J]. Journal of System Simulation, 2024, 36(4): 901-914.
[7]	Zeng Shaoda, Liu Hailin. Planning Modeling and Optimization Algorithm for 5G Indoor Distribution System [J]. Journal of System Simulation, 2024, 36(3): 659-672.
[8]	An Jing, Si Guangya, Zeng Miaoting. Construction of Surrogate Model Driven by Model and Data [J]. Journal of System Simulation, 2024, 36(3): 756-769.
[9]	Wang Hui, Peng Le. Improved Multi-objective Swarm Algorithm to Optimize Wash-out Motion and its Simulation Experiment [J]. Journal of System Simulation, 2024, 36(2): 436-448.
[10]	Li Zhang, Mingling He, Qiushuang Yin, Ning Li, Le'an Yu. Research on Period Emergency Supply Distribution Optimization Under Uncertainty [J]. Journal of System Simulation, 2023, 35(8): 1669-1680.
[11]	Xu Wang, Weidong Ji, Guohui Zhou, Jiahui Yang. Multi-objective Optimization Algorithm Based on Multi-index Elite Individual Game Mechanism [J]. Journal of System Simulation, 2023, 35(3): 494-514.
[12]	Chaoyang Zhang, Liping Xu, Jian Li, Yihao Zhao, Kui He. Flexible Job-Shop Scheduling Problem Based on Improved Wolf Pack Algorithm [J]. Journal of System Simulation, 2023, 35(3): 534-543.
[13]	Weidong Ji, Yuqi Yue, Xu Wang, Ping Lin. Large-scale Multi-objective Natural Computation Based on Dimensionality Reduction and Clustering [J]. Journal of System Simulation, 2023, 35(1): 41-56.
[14]	Yan Xiuying, Dang Miaomiao. Optimization of Household Electricity Consumption Period Based on Improved Multi-objective Particle Swarm Optimization [J]. Journal of System Simulation, 2022, 34(1): 70-78.
[15]	Hongliang Zhang, Renman Ding, Gongjie Xu. Energy-Efficient Scheduling of Multi-objective Flexible Job Shop Considering Interval Processing Time [J]. Journal of System Simulation, 2022, 34(09): 1976-1987.