Optimizing Adversarial Attacks through Bi-Level Programming Strategy

Date of Award

4-30-2024

Document Type

Thesis

Degree Name

Master of Science in Machine Learning

Department

Machine Learning

First Advisor

Dr. Bin Gu

Second Advisor

Dr. Preslav Nakov

Abstract

In the burgeoning field of adversarial machine learning, the development and optimization of adversarial attacks stand as crucial research areas, both for understanding potential vulnerabilities in machine learning models and bolstering their defenses against such threats. This thesis presents a new strategy for optimizing adversarial attacks through a bi-level programming strategy, leveraging the capabilities of the HOZOG algorithm. This advanced optimization algorithm has been specially tailored to address the intricate dynamics of adversarial scenarios, providing a sophisticated tool for enhancing the effectiveness and efficiency of adversarial attacks. Central to this research is applying the HOZOG algorithm across five diverse datasets, encompassing a broad spectrum of complexities and characteristics. This comprehensive experimentation framework is designed to rigorously evaluate the algorithm’s performance and adaptability. Three distinct models of varying complexity and types were subjected to three adversarial attacks to solidify our analysis further. This multi-faceted approach ensures a deep and nuanced understanding of the HOZOG algorithm’s capabilities in navigating and optimizing adversarial landscapes. A significant aspect of our methodology is the utilization of net dissection to dissect and comprehend the interactions occurring at various layers of the neural networks during adversarial attacks. This technique provides invaluable insights into the algorithm’s operational dynamics, revealing the intricate processes contributing to its optimization capabilities. Further analysis was conducted through a strategic presentation of data, employing an array of tables and figures to succinctly depict the outcomes of our experiments. This approach not only facilitates a more transparent comprehension of the results but also underscores the effectiveness of the HOZOG algorithm in optimizing adversarial attacks. This detailed examination identified critical patterns and trends, offering a robust framework for understanding the algorithm’s impact on the models’ vulnerabilities and defenses. The findings of this thesis underscore the HOZOG algorithm’s potential as a powerful tool for optimizing adversarial attacks. By employing a bi-level programming strategy, the algorithm can enhance the precision and effectiveness of attacks across various datasets and models. This research contributes significantly to the field of adversarial machine learning, offering a novel perspective on optimizing adversarial attacks and laying the groundwork for future advancements in developing more resilient AI systems. In conclusion, this thesis validates the effectiveness of the HOZOG algorithm in optimizing adversarial attacks and opens new avenues for research into AI systems’ defense mechanisms. By exploring the algorithm’s performance across different datasets and models under various adversarial conditions, our blueprint for future research aims to understand and address machine learning model vulnerabilities.

Comments

Thesis submitted to the Deanship of Graduate and Postdoctoral Studies

In partial fulfilment of the requirements for the M.Sc degree in Machine Learning

Advisors: Bin Gu, Preslav Nakov

Online access available for MBZUAI patrons

Link to Full Text

Share

COinS