Not All Datasets Are Born Equal: On Heterogeneous Data and Adversarial Examples

by Eden Levy et al.

Recent work on adversarial learning has focused mainly on neural networks and the domains where they excel, such as computer vision. The data in these domains is homogeneous, whereas heterogeneous tabular domains remain underexplored despite their prevalence. Constructing an attack on models with heterogeneous input spaces is challenging: such inputs are governed by complex domain-specific validity rules and are composed of nominal, ordinal, and numerical features. We argue that machine learning models trained on heterogeneous tabular data are as susceptible to adversarial manipulation as those trained on continuous or homogeneous data such as images. In this paper, we introduce an optimization framework for identifying adversarial perturbations in heterogeneous input spaces. We define distribution-aware constraints for preserving the consistency of the adversarial examples and incorporate them by embedding the heterogeneous input into a continuous latent space. Our approach targets an adversary who aims to craft valid perturbations of minimal l_0-norm and apply them in the real world. We propose a neural network-based implementation of our approach and demonstrate its effectiveness on three datasets from different content domains. Our results suggest that despite the constraints heterogeneity imposes on a model's input space, its susceptibility to adversarial examples remains unimpaired.
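To make the setting concrete, the following is a minimal sketch (not the paper's implementation) of the two ideas the abstract combines: embedding a mixed nominal/numerical row into a continuous space, and searching for an l_0-minimal perturbation that stays valid in the original domain. All names here (`embed_row`, `greedy_l0_attack`, the toy linear model and its weights) are illustrative assumptions.

```python
# Illustrative sketch only: a greedy search for an l0-minimal adversarial
# perturbation over a heterogeneous (one nominal + one numerical feature) input.
import numpy as np

CATEGORIES = ["red", "green", "blue"]  # the valid domain of the nominal feature

def embed_row(color, x_num):
    """Embed a heterogeneous row into a continuous vector:
    one-hot encoding for the nominal feature, pass-through for the numeric one."""
    onehot = np.array([1.0 if color == c else 0.0 for c in CATEGORIES])
    return np.concatenate([onehot, [x_num]])

# Toy linear "model" operating in the embedded (continuous) space.
w = np.array([1.5, -2.0, 0.5, 1.0])
def predict(z):
    return int(w @ z > 0)

def greedy_l0_attack(color, x_num, num_step=0.5):
    """Flip the model's prediction while changing as few original features
    as possible (minimal l0-norm). Only in-domain edits are considered:
    a real category from CATEGORIES, or a bounded numeric shift."""
    base = predict(embed_row(color, x_num))
    # l0 = 1 candidates: swap the category...
    for c in CATEGORIES:
        if c != color and predict(embed_row(c, x_num)) != base:
            return (c, x_num)
    # ...or nudge the numeric feature by a small bounded step.
    for dx in (num_step, -num_step):
        if predict(embed_row(color, x_num + dx)) != base:
            return (color, x_num + dx)
    return None  # no single-feature perturbation flips this toy model
```

The point of the sketch is the validity constraint: the search never leaves the nominal feature's domain or produces a fractional one-hot vector, mirroring the consistency requirement the paper places on adversarial examples for tabular data.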




