| Pattern recognition and Machine Learning(ML)have been widely used in many security-sensitive areas such as face recognition,driverless cars,and intrusion detection and so on.The security of machine learning technologies also attract much attention,so adversarial machine learning has become a research hotspot.In the confrontational environment,machine learning is also threatened by the attackers,that is,the attackers will modify a small number of samples to induce the classifier to make the incorrect classification decision.Evasion attacks are a widely existed attacks in the adversarial environment,that is,the attacker will modify the malicious samples during the test phase so that the modified ones can escape the detection of the classifier.At present,there are a lot of researches on the classification algorithms against evasion attacks.However,as a key problem in machine learning and data mining,how to design robust feature selection algorithms for evasion attacks also has an important research significance.Therefore,this paper mainly studies the adversarial feature selection,and the related content mainly includes the following two parts.In the first part,the current adversarial feature selection algorithm(WAFS)against evasion attacks belongs to the wrapper model.The model relies on subsequent classification learning algorithms.For high dimensional data,its time complexity is very high.Therefore,based on maximum Relevance and Minimum Redundancy(mRMR)and security term designed for defensing evasion attacks,we design an evaluation criterion for adversarial feature selection and propose an adversarial feature selection algorithm based on mRMR(FAFS),which does not rely on any classification algorithm in the feature selection process and has low time cost and belongs to the filter model.On the one hand,the algorithm considers the correlation between individual features and labels and the redundancy between features and features.On the other hand,when selecting features,the algorithm considers the generalization ability without attacks and considers the security under the evasion attacks.The experimental results show that,compared to the existing adversarial feature selection algorithms,the FAFS algorithm has the comparable classification accuracy,and the better robustness and the lower time complexity under the evasion attacks.In the second part,search strategy is one of the key issues in the feature selection.The existing feature selection algorithms often use the forward selection search strategy to obtain the feature subset.This strategy belongs to the greedy algorithm and tends to fall into local convergence,and it is difficult to find the optimal feature subset.Therefore,based on the Pareto optimization for subset set with decomposition strategy(DPOSS),this paper proposes an adversarial feature selection algorithm based on the DPOSS algorithm(SDPOSS).The algorithm decomposes the entire feature space into several feature subspaces,and then calls the Pareto optimization for subset set(POSS)to solve.Experiments show that,as the number of decomposition increases,the running time of the SDPOSS will decrease linearly,and classification accuracy is still acceptable.Moreover,the robustness of SDPOSS is better than other adversarial feature selection methods against evasion attacks. |
PDF Full Text Request