Towards Efficient and Domain-Agnostic Evasion Attack with High-Dimensional Categorical Inputs

Authors: Hongyan Bao, Yufei Han, Yujun Zhou, Xin Gao, Xiangliang Zhang

AAAI 2023

| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In empirical analysis, we compare FEAT with other state-of-the-art domain-agnostic attack methods over various real-world categorical data sets of different applications. Substantial experimental observations confirm the expected efficiency and attack effectiveness of FEAT applied in different application scenarios. |
| Researcher Affiliation | Academia | Hongyan Bao (1), Yufei Han (2), Yujun Zhou (1), Xin Gao (1), Xiangliang Zhang (3,1,*); (1) King Abdullah University of Science and Technology; (2) INRIA; (3) University of Notre Dame |
| Pseudocode | Yes | Algorithm 1: FEAT: Fast and Effective Adversarial aTtack |
| Open Source Code | Yes | Implementations of the experiments are available at https://github.com/xnudinfc/FEAT. |
| Open Datasets | Yes | Yelp-5 (Yelp) (Asghar 2016). Intrusion Prevention System Dataset (IPS) (Wang et al. 2020). Windows PE Malware Detection (PEDec). Electronic Health Records (EHR) (Ma et al. 2018b). |
| Dataset Splits | No | The paper specifies training and testing splits for its datasets (e.g., '650K training and 50K testing samples', '80%... for training and rest for testing'), but it does not explicitly mention or detail a separate validation set split. |
| Hardware Specification | Yes | We conduct all the experiments on Linux server with 2 GPUs (GeForce 1080Ti) and 16-core CPU (Intel Xeon). |
| Software Dependencies | No | The paper mentions software components like 'CNN model', 'LSTM', 'ReLu activation function', and 'dropout module', but does not provide specific version numbers for any libraries (e.g., TensorFlow, PyTorch) or programming languages. |
| Experiment Setup | Yes | For PEDec dataset, we adopt a simple CNN model composed of one convolution layer followed by two linear layers. The rest datasets contain sequential instances, we thus apply standard LSTM as the classifier. Without loss of generality, we use ReLu activation function in both the CNN and LSTM classifier with the dropout module. A constant Λ is added to Eq.2 to ensure the non-negativeness of the received rewards. In practices, we set Λ = 1. τ is a tunable parameter, adjusting the number of search rounds within the selected top L features. We choose τ empirically to 1/3 of the attack budget, which presents consistently good attack success rate with low attack budget cost. |