Mixed Bayesian Stackelberg Strategies for Robust Adversarial Classifiers
DOI: https://doi.org/10.4108/eetsis.7635
Keywords: Convolution neural networks (CNN), Game theory, Stackelberg games, Mixed strategies, Adversarial Training
Abstract
Deep neural networks (DNNs) have achieved state-of-the-art performance in classification tasks; however, they are susceptible to small perturbations that are seemingly imperceptible to the human eye but are enough to fool the network into misclassifying images. To develop more robust DNNs against adversarial attacks, research methods have focused on exploring the interaction between a machine learning classifier and a single adversary. However, these methods do not adequately model the real-world scenarios in which these classifiers are deployed. In this research paper, we address this gap and propose an adversarial learning algorithm with multiple adversaries using Bayesian Stackelberg games to model the interaction between the learner and multiple adversaries. We conclude that the nested Bayesian Stackelberg method is a useful strategy for developing adversarial learning algorithms to improve the robustness of DNNs. This strategy can serve as a benchmark in future defense attempts to create DNNs that resist adversarial attacks.
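The abstract models the learner as a Stackelberg leader committing to a mixed strategy while several adversary types, drawn from a prior, best-respond. The following toy is an added illustration of that game structure, not code from the paper and not its nested training procedure: the leader chooses a probability of adversarial training, two adversary types react, and the leader's optimal mixed strategy is found exactly by checking the endpoints and every point where some adversary type is indifferent (leader utility is piecewise linear in that probability). The type names, priors and payoff tables are constructed for the example.

```python
from fractions import Fraction
from itertools import combinations

# Constructed toy payoffs (not from the paper). Leader (classifier) pure
# strategies: 0 = standard training, 1 = adversarial training. Each adversary
# type has actions 0 = submit clean inputs, 1 = perturb inputs.
# Tables are indexed as U[leader_action][follower_action].
ADVERSARY_TYPES = {
    "opportunist": {           # gives up attacking once robustness is likely
        "prior": Fraction(3, 5),
        "leader":   [[5, -4], [3, 1]],
        "follower": [[0, 6], [0, -2]],
    },
    "persistent": {            # still profits from attacking a hardened model
        "prior": Fraction(2, 5),
        "leader":   [[5, -2], [3, -1]],
        "follower": [[0, 8], [0, 2]],
    },
}


def expected(table, p, follower_action):
    """Expected payoff from `table` when the leader plays action 1 w.p. p."""
    return (1 - p) * table[0][follower_action] + p * table[1][follower_action]


def best_response(adv, p):
    """Strong Stackelberg best response of one adversary type: among the
    follower-optimal actions, pick the one the leader prefers (tie-break in
    the leader's favour, as is standard for Stackelberg equilibria)."""
    n = len(adv["follower"][0])
    scores = [expected(adv["follower"], p, a) for a in range(n)]
    top = max(scores)
    candidates = [a for a in range(n) if scores[a] == top]
    return max(candidates, key=lambda a: expected(adv["leader"], p, a))


def leader_utility(types, p):
    """Bayesian leader utility: prior-weighted payoff against each type's
    best response to the committed mixed strategy p."""
    return sum(adv["prior"] * expected(adv["leader"], p, best_response(adv, p))
               for adv in types.values())


def breakpoints(types):
    """Values of p at which some adversary type is indifferent between two of
    its actions, plus the endpoints 0 and 1. Between these points every best
    response is constant, so the leader's optimum lies at one of them."""
    pts = {Fraction(0), Fraction(1)}
    for adv in types.values():
        n = len(adv["follower"][0])
        for a, b in combinations(range(n), 2):
            d0 = adv["follower"][0][a] - adv["follower"][0][b]
            d1 = adv["follower"][1][a] - adv["follower"][1][b]
            # (1-p)*d0 + p*d1 == 0  ->  p = d0 / (d0 - d1)
            if d0 != d1:
                p = Fraction(d0, d0 - d1)
                if 0 <= p <= 1:
                    pts.add(p)
    return sorted(pts)


def solve(types):
    """Return (p*, leader utility at p*) for the optimal mixed commitment."""
    best_p = max(breakpoints(types), key=lambda p: leader_utility(types, p))
    return best_p, leader_utility(types, best_p)


if __name__ == "__main__":
    p_star, u_star = solve(ADVERSARY_TYPES)
    print(f"candidate p values: {[str(p) for p in breakpoints(ADVERSARY_TYPES)]}")
    for p in (Fraction(0), Fraction(1), p_star):
        print(f"p={p}: leader utility {leader_utility(ADVERSARY_TYPES, p)}")
    print(f"optimal mixed strategy p*={p_star}, utility {u_star}")
```

With these payoffs neither pure strategy is optimal: always training adversarially satisfies the persistent type's pressure but wastes clean accuracy against the opportunist, while committing to adversarial training with probability 3/4 is exactly enough to deter the opportunist and yields the highest prior-weighted utility. The exact-breakpoint search is specific to a two-action leader; with more leader actions the same game is solved by linear programming over the leader's mixed strategy, one LP per follower response profile, which is the approach the Bayesian Stackelberg literature the paper builds on uses.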
License
Copyright (c) 2024 Hakeem Quadri
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
This is an open access article distributed under the terms of the CC BY-NC-SA 4.0, which permits copying, redistributing, remixing, transformation, and building upon the material in any medium so long as the original work is properly cited.