Best of Adversarial ML Week 44 – Adversarial attacks on knowledge graph embeddings and others

Adversarial ML · November 12, 2021


Each week, the Adversa team selects for you the best research in the field of artificial intelligence security.

Adversarial attacks are more than evasion: meet poisoning, bit flipping, and domain-specific reinforcement learning attacks.


Attacking Deep Reinforcement Learning-Based Traffic Signal Control Systems with Colluding Vehicles

The rapid development of the Internet of Things (IoT) and artificial intelligence (AI) has spurred the development of Adaptive Traffic Signal Control (ATCS) systems, which are being actively deployed in smart cities. In particular, Deep Reinforcement Learning (DRL) methods are gaining popularity and show strong potential for this application. Existing DRL-based ATCS let controlled signals collect traffic information from nearby vehicles and then generate optimal control actions. Such models operate on the premise that vehicles transmit truthful information to the signals, which makes them vulnerable to attack.

Researchers Ao Qu, Yihong Tang, and Wei Ma decided to pay attention to this issue. Their research asks whether a group of vehicles can cooperatively send falsified information to "cheat" DRL-based ATCS models and thereby reduce their own total travel time. To solve this problem, they propose CollusionVeh, a generic and effective vehicle-colluding framework that consists of a road situation encoder, a vehicle interpreter, and a communication mechanism. The experiments show that the total travel time of the colluding vehicles can be significantly reduced within a reasonable number of learning episodes, and that the colluding effect decreases as the number of colluding vehicles increases. The researchers believe the work can help improve the reliability and robustness of ATCS and better protect smart mobility systems.
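
To make the threat model concrete, the toy sketch below (not the authors' CollusionVeh code; every function name and number in it is made up) shows how a handful of colluding vehicles could falsify the position and speed they report so that a queue-based signal controller grants their approach the green phase:

```python
# Illustrative sketch only: a toy ATCS loop in which a few "colluding"
# vehicles falsify the state they report to the signal controller.
import numpy as np

rng = np.random.default_rng(0)

def true_observations(n_vehicles):
    """Each vehicle reports (distance_to_stop_line_m, speed_mps, lane_id)."""
    return np.column_stack([
        rng.uniform(0, 200, n_vehicles),   # distance to the stop line
        rng.uniform(0, 15, n_vehicles),    # current speed
        rng.integers(0, 4, n_vehicles),    # lane index
    ])

def collude(obs, colluder_idx):
    """Colluders exaggerate the queue on their own approach so the
    controller is nudged into giving them green time sooner."""
    fake = obs.copy()
    fake[colluder_idx, 0] = 1.0   # pretend to be right at the stop line
    fake[colluder_idx, 1] = 0.0   # pretend to be fully stopped
    return fake

def signal_policy(obs):
    """Stand-in for the DRL agent: give green to the lane with the
    largest apparent queue (stopped vehicles near the stop line)."""
    queue_score = np.zeros(4)
    for lane in range(4):
        mask = obs[:, 2] == lane
        queue_score[lane] = np.sum((obs[mask, 0] < 30) & (obs[mask, 1] < 1.0))
    return int(np.argmax(queue_score))

obs = true_observations(n_vehicles=40)
colluders = np.arange(5)                      # first 5 vehicles collude
print("honest green lane:  ", signal_policy(obs))
print("colluded green lane:", signal_policy(collude(obs, colluders)))
```

In CollusionVeh the falsified messages are learned by the colluding agents rather than hand-crafted as in this toy example.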

ZeBRA: Precisely Destroying Neural Networks with Zero-Data Based Repeated Bit Flip Attack

In this work, researchers Dahoon Park, Kon-Woo Kwon, Sunghoon Im, and Jaeha Kung present the Zero-data Based Repeated bit flip Attack (ZeBRA), which destroys deep neural networks (DNNs) by synthesizing its own attack dataset. While previous work on this topic requires not only the weights but also a training or test dataset, this study proposes synthesizing an attack dataset, called distilled target data, from the statistics of the batch normalization layers in the victim DNN model.

Equipped with the distilled target data, the ZeBRA algorithm can search for vulnerable bits in the model without any access to a training or test dataset, making weight attacks more fatal to DNN security. Experimental results show that the attack is considerably more effective than previously proposed ones.
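
The zero-data idea can be sketched as follows: random inputs are optimized until the statistics of the activations entering each batch-normalization layer match that layer's stored running statistics, producing "distilled" data that stands in for the real dataset. The snippet below is a hedged reconstruction of that idea, not the authors' implementation; the model choice, batch size, and step count are assumptions:

```python
# Illustrative reconstruction of the "distilled target data" idea (not the
# authors' ZeBRA code): optimize random inputs so that the activation
# statistics entering each BatchNorm layer match that layer's running stats.
import torch
import torch.nn as nn
from torchvision import models

model = models.resnet18()   # in practice: the victim model with its pretrained weights
model.eval()

bn_layers, activations = [], {}
for name, module in model.named_modules():
    if isinstance(module, nn.BatchNorm2d):
        bn_layers.append((name, module))
        module.register_forward_hook(
            lambda mod, inp, out, key=name: activations.__setitem__(key, inp[0])
        )

x = torch.randn(8, 3, 224, 224, requires_grad=True)   # synthetic attack batch
optimizer = torch.optim.Adam([x], lr=0.1)

for step in range(100):                                # more steps in practice
    optimizer.zero_grad()
    model(x)
    loss = 0.0
    for name, bn in bn_layers:
        act = activations[name]                        # input to this BN layer
        mu = act.mean(dim=(0, 2, 3))
        var = act.var(dim=(0, 2, 3), unbiased=False)
        # penalize any mismatch with the layer's running mean / variance
        loss = loss + (mu - bn.running_mean).pow(2).mean() \
                    + (var - bn.running_var).pow(2).mean()
    loss.backward()
    optimizer.step()

# `x` can now play the role of the missing dataset when ranking which
# weight bits are most damaging to flip.
```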

Adversarial Attacks on Knowledge Graph Embeddings via Instance Attribution Methods

While Knowledge Graph Embeddings (KGE) are quite common, their vulnerability and security have received little study. Researchers Peru Bhardwaj, John Kelleher, Luca Costabello, and Declan O’Sullivan focus on data poisoning attacks against KGE models for link prediction. These attacks craft adversarial additions or deletions at training time that cause the model to fail at test time. The authors propose using model-agnostic instance attribution methods from Interpretable Machine Learning to select adversarial deletions: they identify the training instances that most influence the neural model’s predictions on test instances, and those influential instances are used as adversarial deletions. Extensive experiments show that these strategies outperform state-of-the-art data poisoning attacks on KGE models and improve the MRR degradation due to the attacks by up to 62% over the baselines.
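
As a rough illustration of how instance attribution can drive adversarial deletions, the sketch below scores training triples by the dot product between their loss gradients and the gradient of a target test triple on a toy DistMult model. It is not the paper's code: the embedding sizes and triples are made up, and the authors evaluate several attribution methods beyond this simple gradient-similarity heuristic:

```python
# Hedged sketch: gradient dot-product attribution on a toy DistMult KGE model
# to pick a training triple whose deletion should hurt a target prediction.
import torch
import torch.nn as nn

n_entities, n_relations, dim = 100, 10, 32
ent = nn.Embedding(n_entities, dim)
rel = nn.Embedding(n_relations, dim)

def distmult_score(h, r, t):
    # DistMult scoring: sum of the element-wise product of embeddings
    return (ent(h) * rel(r) * ent(t)).sum(dim=-1)

def loss_of(triple):
    h, r, t = (torch.tensor([v]) for v in triple)
    # treat the triple as a positive example; cross-entropy against label 1
    return nn.functional.binary_cross_entropy_with_logits(
        distmult_score(h, r, t), torch.ones(1)
    )

def flat_grad(loss):
    grads = torch.autograd.grad(loss, list(ent.parameters()) + list(rel.parameters()))
    return torch.cat([g.reshape(-1) for g in grads])

target_triple = (3, 2, 7)                  # test triple whose prediction is attacked
train_triples = [(3, 2, 11), (5, 1, 7), (3, 4, 7), (8, 2, 7)]

g_test = flat_grad(loss_of(target_triple))
scores = {z: torch.dot(flat_grad(loss_of(z)), g_test).item() for z in train_triples}

# Delete the most influential training triple before the victim KGE is retrained.
to_delete = max(scores, key=scores.get)
print("adversarial deletion candidate:", to_delete, scores)
```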
