Abstract: Adversarial evasion attacks challenge the integrity of machine learning models by crafting samples that lie outside the training distribution and are then consistently misclassified. A variety of detection and mitigation approaches have already been proposed, but more sophisticated attacks typically defeat them. One of the most promising groups of such approaches is based on creating multiple diversified models and leveraging their ensemble properties to detect and mitigate attacks. However, such approaches entail a heavy computational cost for designing and training a large number of models. The paper proposes (i) a combinatorial boosting of the number of diversified models that provides an exponentially expanded scope of reliable decisions, and (ii) robust methods for fusing the resulting models and their combinations into enhanced decisions in both benign and adversarial scenarios. Several versions of the approach were implemented and tested on network intrusion detection and color image classification tasks; the results show a significant increase in resiliency against evasion attacks with low impact on benign performance.
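The abstract only states that combining a base set of diversified models yields exponentially many ensembles whose decisions are then fused. The sketch below is an added illustration of that idea and is not the paper's code or its actual fusion rule: it assumes three toy linear base models over two features (constructed here), forms every non-empty subset of them (2^n - 1 ensembles), fuses each subset by averaging its members' signed margins, takes the majority label across all subsets, and treats low cross-subset agreement as a signal of an evasion attempt. The sample inputs, the averaging rule and the 0.9 agreement threshold are assumptions for the demonstration.

```python
from itertools import combinations
from typing import Dict, List, Sequence, Tuple

# Constructed toy base models (weights, bias): linear classifiers over two
# features, each trained to look at the data from a different "view".
# These stand in for the diversified models; they are not the paper's models.
BaseModel = Tuple[Sequence[float], float]
BASE_MODELS: List[BaseModel] = [
    ((1.0, 0.0), -0.5),   # decides on feature 0 alone
    ((0.0, 1.0), -0.5),   # decides on feature 1 alone
    ((1.0, 1.0), -1.0),   # decides on the sum of both features
]

# Constructed inputs. The evasion sample is crafted against base model 0 only
# (it pushes feature 0 under that model's threshold while leaving the rest intact),
# mimicking an attacker who has surrogate access to one model but not the others.
BENIGN_SAMPLE = (0.9, 0.9)
EVASION_SAMPLE = (0.2, 0.9)


def score(model: BaseModel, x: Sequence[float]) -> float:
    """Signed margin of one base model; positive means class 1."""
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def combinatorial_ensembles(n: int) -> List[Tuple[int, ...]]:
    """All non-empty subsets of base-model indices: 2**n - 1 ensembles.

    This is the combinatorial boosting step: n trained models yield
    exponentially many distinct ensembles at no extra training cost.
    """
    return [s for k in range(1, n + 1) for s in combinations(range(n), k)]


def subset_decision(models: List[BaseModel], subset: Tuple[int, ...],
                    x: Sequence[float]) -> int:
    """Assumed within-subset fusion rule: average the members' signed margins."""
    mean_margin = sum(score(models[i], x) for i in subset) / len(subset)
    return int(mean_margin > 0)


def fused_decision(models: List[BaseModel], x: Sequence[float],
                   min_agreement: float = 0.9) -> Dict[str, object]:
    """Majority label across all 2**n - 1 ensembles plus an agreement score.

    2**n - 1 is odd, so the majority is never tied. An input on which the
    ensembles disagree strongly (agreement below min_agreement) is flagged
    as suspicious: a benign input typically drives all views the same way,
    while an evasion sample crafted against a few models does not.
    """
    subsets = combinatorial_ensembles(len(models))
    votes = [subset_decision(models, s, x) for s in subsets]
    ones = sum(votes)
    label = int(ones * 2 > len(votes))
    agreeing = ones if label == 1 else len(votes) - ones
    agreement = agreeing / len(votes)
    return {
        "label": label,
        "agreement": agreement,
        "suspicious": agreement < min_agreement,
        "n_ensembles": len(subsets),
    }


if __name__ == "__main__":
    for name, x in (("benign", BENIGN_SAMPLE), ("evasion", EVASION_SAMPLE)):
        print(name, fused_decision(BASE_MODELS, x))
```

On the benign sample every base model agrees, so all seven ensembles vote the same way and agreement is 1.0. On the evasion sample only the single-model ensemble {0} and the pair {0, 2} flip, so the fused label is still correct but agreement drops to 5/7 and the input is flagged. The point of the construction is that the attacker would have to defeat most of the base views at once to move the fused majority without also lowering agreement.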