
Research On Adversarial Algorithms Of Statistical Machine Learning Model SVM

Posted on: 2020-10-27
Degree: Master
Type: Thesis
Country: China
Candidate: H B Lu
GTID: 2428330590450931
Subject: Engineering simulation calculation and statistics
Abstract/Summary:
Statistical machine learning is widely used, for example in face recognition and natural language processing. Adversarial algorithms are studied from a security standpoint: their aim is to ensure that applications can be protected from external attacks and to enhance robustness. The Support Vector Machine (SVM) is one of the machine learning algorithms with the most complete theory and the most extensive application. The work of this paper is as follows:

(1) For a specific application, the intrusion detection system, this paper proposes a novel attack method: a poisoning attack against SVM-based intrusion detection systems. The method misleads the SVM learning process by distorting the training data, thereby reducing the rate at which the intrusion detection system's classification model recognizes attack traffic. The attack effect is evaluated by the recall and precision on attack traffic. Experiments show that the poisoning attack can effectively reduce the recognition rate of the intrusion detection system.

(2) For image data, an adversarial sample generation algorithm based on particle swarm optimization is adopted. The paper proposes the concept of the SVM “Attacking Saliency Feature”. The Attacking Saliency Feature is found in the feature space, where the linear model is easy to process, and is then mapped back to the input space to complete the perturbation of the original sample. This makes full use of the ease of optimization on the linear model in the feature space, and also of the interpretability of distorting data in the original input space. The classification accuracy on the Yale face database is reduced to below 40% under 7% perturbation.

Through in-depth research on specific applications of the statistical machine learning algorithm SVM, this paper studies the algorithm's insufficient robustness under adversarial conditions and gives suggestions and ideas for defense, providing a basis for further research on SVM security.
Keywords/Search Tags: statistical machine learning, SVM, poison attack, adversarial algorithm, feature space, robustness