Notwithstanding the popularity of machine learning (ML) and deep learning (DL) models they are susceptible to attacks. This trend heralded a new filed called “Adversarial Machine Learning” (AdML). Of late, the use of chaotic number in place of pseudo-random numbers yielded the better results [1, 2]. In this study, we propose the Chaotic Generative Adversarial Network (GAN)-based and Chaotic-Wasserstein GAN (WGAN)-based defense techniques for tabular or structured data. Also, we implemented the Chaotic-GAN proposed by Kate et al. [3] for the sample generation in adversarial training. We performed evasion attack on Decision Tree and Random Forest, using the novel, chaotic VAE proposed by Gangadhar et al. [4] and Reddy et al. [5] and later defended those models using the two methods, namely, Chaotic-GAN and Chaotic-WGAN. We employed vanilla-GAN and WGAN as baseline models. Since WGAN resulted in the poor data generation, we added a constraint on the loss function of the WGAN namely gradient penalty (GP) in both WGAN and Chaotic-WGAN variants resulting four defense variants namely, WGAN-GP, Chaotic-WGAN-GP, Vanilla-GAN, and Chaotic-GAN. It tuned out that the proposed Chaotic-WGAN-GP performed best in defending the attacks overall followed by WGAN-GP on Bank-churn, loan-default, and Credit-card default datasets.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Chaotic-Wasserstein GAN-Based Adversarial Defense

  • Daka Pavan Venkata Sainadh Reddy,
  • Vadlamani Ravi

摘要

Notwithstanding the popularity of machine learning (ML) and deep learning (DL) models they are susceptible to attacks. This trend heralded a new filed called “Adversarial Machine Learning” (AdML). Of late, the use of chaotic number in place of pseudo-random numbers yielded the better results [1, 2]. In this study, we propose the Chaotic Generative Adversarial Network (GAN)-based and Chaotic-Wasserstein GAN (WGAN)-based defense techniques for tabular or structured data. Also, we implemented the Chaotic-GAN proposed by Kate et al. [3] for the sample generation in adversarial training. We performed evasion attack on Decision Tree and Random Forest, using the novel, chaotic VAE proposed by Gangadhar et al. [4] and Reddy et al. [5] and later defended those models using the two methods, namely, Chaotic-GAN and Chaotic-WGAN. We employed vanilla-GAN and WGAN as baseline models. Since WGAN resulted in the poor data generation, we added a constraint on the loss function of the WGAN namely gradient penalty (GP) in both WGAN and Chaotic-WGAN variants resulting four defense variants namely, WGAN-GP, Chaotic-WGAN-GP, Vanilla-GAN, and Chaotic-GAN. It tuned out that the proposed Chaotic-WGAN-GP performed best in defending the attacks overall followed by WGAN-GP on Bank-churn, loan-default, and Credit-card default datasets.