An Analytical Framework for Evaluating Successful Poisoning Attacks on Machine Learning Algorithms


Research field: Artificial Intelligence



Venue: SN Computer Science


Abstract

Machine learning is used by many industries to improve their output, and machine learning (ML) algorithms are increasingly relied on to solve hard problems in systems that may hold highly sensitive data. That reliance makes such systems a target for attackers, so determining an ML algorithm's performance and its resilience to attack is essential. In this research, three metrics and three datasets (SMS spam, liver disease and heart disease) are used to empirically examine the performance and resilience of five ML algorithms under adversarial attack. Learning models are built to evaluate the resilience of K-Nearest Neighbors (KNN), Support Vector Machine (SVM), Multinomial Naïve Bayes (MNB) or Gaussian Naïve Bayes (GNB), Random Forest (RF) and AdaBoost (ADB), and results are tracked on the SMS spam, liver disease and heart disease datasets as these models are attacked with adversarial tactics. The attacks are data poisoning attacks that alter the training data, such as attacks that randomly flip labels. For each dataset, the quantity of tainted training data is varied and the resulting trends in accuracy, F1-score and AUC score are observed, together with an evaluation of attack detection. The findings show that ML algorithms differ in performance and in their resilience to these attacks, and that the impact of an adversarial attack on an ML algorithm depends on the stage at which the attack is mounted.
Taking the experimental results as a whole, including the evaluation of attack detection on each training dataset, the ML models with the best classification performance and resilience against random label flipping (RLF) poisoning attacks are KNN for the SMS spam dataset, GNB for the liver disease dataset and ADB for the heart disease dataset, with the highest resilience scores being 75.73%, 60.85% and 53.51% respectively.
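The abstract describes the experimental loop (train on a partially poisoned training set, measure on clean test data, repeat for increasing poison rates) without giving code. The following is an added example, not code from the paper or its authors: a pure-Python Gaussian Naïve Bayes and k-nearest-neighbour classifier, a random label flipping (RLF) poisoning routine, and a poisoning curve that records test accuracy as the fraction of flipped training labels grows. The synthetic two-cluster dataset, the train/test sizes, the poison fractions and the `retained_accuracy` robustness proxy are all assumptions of this example; the paper's own resilience score is not defined on this page and is not reproduced here.

```python
"""Random label flipping (RLF) poisoning against two simple classifiers.

Added example, not code from the paper: a pure-Python Gaussian NB and KNN,
a constructed synthetic dataset, and a poisoning curve that flips a growing
fraction of training labels and records accuracy on clean test data.
"""
import math
import random
from collections import Counter


def make_dataset(n, seed):
    """Constructed two-feature, two-class data (assumption: Gaussian clusters
    at (0,0) and (3,3) with unit variance); stands in for a real dataset."""
    rng = random.Random(seed)
    X, y = [], []
    for i in range(n):
        label = i % 2                      # balanced classes
        centre = 3.0 * label
        X.append((rng.gauss(centre, 1.0), rng.gauss(centre, 1.0)))
        y.append(label)
    return X, y


def flip_labels(y, fraction, seed):
    """RLF poisoning: invert the labels of a uniformly random `fraction` of rows.
    The attacker only needs write access to training labels, not features."""
    rng = random.Random(seed)
    poisoned = list(y)
    n_flip = int(round(fraction * len(y)))
    for i in rng.sample(range(len(y)), n_flip):
        poisoned[i] = 1 - poisoned[i]
    return poisoned


class GaussianNB:
    """Per-class, per-feature Gaussian likelihood with a log prior."""

    def fit(self, X, y):
        self.stats = {}
        for c in sorted(set(y)):
            rows = [x for x, t in zip(X, y) if t == c]
            means = [sum(col) / len(rows) for col in zip(*rows)]
            variances = [sum((v - m) ** 2 for v in col) / len(rows) + 1e-9
                         for col, m in zip(zip(*rows), means)]
            self.stats[c] = (math.log(len(rows) / len(X)), means, variances)
        return self

    def predict(self, X):
        out = []
        for x in X:
            scores = {}
            for c, (log_prior, means, variances) in self.stats.items():
                ll = log_prior
                for v, m, var in zip(x, means, variances):
                    ll += -0.5 * math.log(2 * math.pi * var) - (v - m) ** 2 / (2 * var)
                scores[c] = ll
            out.append(max(scores, key=scores.get))
        return out


class KNN:
    """Majority vote over the k nearest training points (squared Euclidean)."""

    def __init__(self, k=5):
        self.k = k

    def fit(self, X, y):
        self.X, self.y = X, y
        return self

    def predict(self, X):
        out = []
        for x in X:
            order = sorted(range(len(self.X)),
                           key=lambda i: sum((a - b) ** 2 for a, b in zip(x, self.X[i])))
            votes = Counter(self.y[i] for i in order[:self.k])
            out.append(votes.most_common(1)[0][0])
        return out


def accuracy(pred, truth):
    return sum(p == t for p, t in zip(pred, truth)) / len(truth)


def poisoning_curve(model_factory, fractions, seed=0):
    """Train on RLF-poisoned labels, score on clean test data, per fraction."""
    X_tr, y_tr = make_dataset(200, seed)
    X_te, y_te = make_dataset(100, seed + 1)       # test set is never poisoned
    curve = {}
    for f in fractions:
        model = model_factory().fit(X_tr, flip_labels(y_tr, f, seed + 2))
        curve[f] = accuracy(model.predict(X_te), y_te)
    return curve


def retained_accuracy(curve):
    """Robustness proxy (assumption, not the paper's resilience score):
    mean ratio of poisoned accuracy to clean accuracy over non-zero fractions."""
    clean = curve[0.0]
    ratios = [curve[f] / clean for f in curve if f > 0]
    return sum(ratios) / len(ratios)


if __name__ == "__main__":
    fractions = [0.0, 0.1, 0.2, 0.3, 0.4]
    for name, factory in [("GNB", GaussianNB), ("KNN", lambda: KNN(5))]:
        curve = poisoning_curve(factory, fractions)
        print(name, {f: round(a, 3) for f, a in curve.items()},
              "retained=%.3f" % retained_accuracy(curve))
```

Keeping the test set clean is the important design choice: the question the paper asks is how much a poisoned training set degrades behaviour on legitimate inputs, so the poison must never leak into the evaluation data. KNN with k=5 degrades roughly as a binomial vote over flipped neighbours, while Gaussian NB is comparatively insensitive to symmetric flipping because both class means move toward each other without crossing; which algorithm looks more resilient therefore depends on the data and the attack, which is the variability the abstract reports.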


Author Profile
M. Surekha, Computer Science and Engineering, Sharda University, Greater Noida, Uttar Pradesh, India (listed country: Andorra)

Author Profile
Anil Kumar Sagar, Computer Science and Engineering, Sharda University, Greater Noida, Uttar Pradesh, India (listed country: Andorra)

Author Profile
Vineeta Khemchandani, Computer Science and Engineering, Galgotias University, Greater Noida, Uttar Pradesh, India (listed country: Andorra)

Paper information

Year of publication: 2025
Citations: 0
Publication country: Andorra
Site: Springer
