Suspicion-Free Adversarial Attacks on Clustering Algorithms
Authors: Anshuman Chhabra, Abhishek Roy, Prasant Mohapatra; pages 3625-3632
AAAI 2020

| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We theoretically show the existence of such adversarial samples for the K-Means clustering. Our attack is especially strong as (1) we ensure the perturbed sample is not an outlier, hence not detectable, and (2) the exact metric used for clustering is not known to the attacker. We theoretically justify that the attack can indeed be successful without the knowledge of the true metric. We conclude by providing empirical results on a number of datasets, and clustering algorithms. |
| Researcher Affiliation | Academia | Anshuman Chhabra, Abhishek Roy, Prasant Mohapatra Department of Computer Science, University of California, Davis Department of Electrical and Computer Engineering, University of California, Davis {chhabra, abroy, pmohapatra}@ucdavis.edu |
| Pseudocode | Yes | Algorithm 1 Proposed Black-box Adversarial Attack |
| Open Source Code | Yes | We have also open-sourced the code used to generate all results using our proposed attack algorithm on GitHub (Chhabra 2019). |
| Open Datasets | Yes | UCI Handwritten Digits dataset (Alpaydin and Kaynak 1995), the MNIST dataset (LeCun 1998), the MoCap Hand Postures dataset (Gardner et al. 2014), and the UCI Wheat Seeds dataset (Charytanowicz et al. 2010). |
| Dataset Splits | No | The paper describes the datasets used for clustering and attack evaluation, but it does not specify explicit training, validation, and test dataset splits in terms of percentages or sample counts for model training or evaluation in a typical supervised learning context. |
| Hardware Specification | No | The paper does not provide specific details about the hardware (e.g., GPU/CPU models, memory) used to run the experiments. |
| Software Dependencies | No | The paper mentions using the "Scikit-learn package (Pedregosa et al. 2011)" for K-means and Ward's clustering, and refers to an "open-source implementation of (Knysh and Korkolis 2016)" for the RBF surface response method. However, it does not provide specific version numbers for these software dependencies. |
| Experiment Setup | Yes | The noise threshold Δ is determined by adversary's motivation of not getting detected as an outlier, and/or the limited attack budget of the adversary. ... Δ is chosen such that the perturbed point is at least above 0.1 quantile of the COMD values of the dataset. |