Certifying Robustness of Machine Learning Models Utilizing Adversarial Attack Transferability

dc.contributor.advisor Calzavara, Stefano it_IT
dc.contributor.author Inayat, Shehzad <1995> it_IT
dc.date.accessioned 2023-02-18 it_IT
dc.date.accessioned 2023-05-23T13:07:07Z
dc.date.available 2023-05-23T13:07:07Z
dc.date.issued 2023-03-16 it_IT
dc.identifier.uri http://hdl.handle.net/10579/23646
dc.description.abstract Machine learning has become increasingly popular for its ability to learn from data, identify patterns, and make decisions with little or no human intervention, allowing humans to rapidly develop models that can analyze extraordinarily large and ever-increasing volumes of data. Machine learning models, for instance Convolutional Neural Networks (CNNs), have received attention due to their use in a wide variety of areas, such as self-driving cars and cyber security. However, recent studies have shed light on how such systems can be compromised by test-time evasion attacks, i.e., carefully engineered adversarial examples with imperceptible perturbations, raising security concerns about using such models in safety-critical systems. Furthermore, adversarial examples may exhibit the transferability property, i.e., adversarial examples crafted for one model may also evade potentially unknown models, which makes attacks practical even in the black-box setting. Machine learning models need to deliver satisfactory performance also in adversarial settings, so it is crucial to faithfully evaluate their robustness against evasion attacks. Since in real-world scenarios (black-box settings) target models may not be directly accessible and it may be difficult to verify their robustness, we propose a framework that allows the analyst to efficiently evaluate the robustness of target models by leveraging simple, well-known surrogate models and the transferability of adversarial attacks. Our proposal consists of combining the information about the robustness of surrogate models, evaluated on a test set, using different logical gates to approximate the robustness of the target model, in the hope that the robustness information of the surrogate models transfers to the target model. In addition, along with a measure of transferability for each model, we explore the correlation between other information available to the analyst and the best gate, in order to suggest a strategy for identifying the best aggregation function in different settings. The preliminary experimental evaluation on the MNIST dataset using different machine learning models shows that the robustness of target models can be effectively approximated via surrogate models. it_IT
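
A minimal sketch of the aggregation idea described in the abstract, assuming hypothetical data: per-sample robustness flags of a few surrogate models (1 = the sample survives the evasion attack on that surrogate) are combined with different logical gates to approximate the robust accuracy of a black-box target model. The array names, the gate set, and the synthetic flags are illustrative assumptions, not the thesis implementation.

import numpy as np

# Hypothetical per-sample robustness flags for three surrogate models:
# flags[i, j] == 1 means surrogate j still classifies test sample i
# correctly after the evasion attack.
rng = np.random.default_rng(0)
surrogate_flags = rng.integers(0, 2, size=(1000, 3))

# Candidate aggregation gates: each maps the per-surrogate flags of a
# sample to a 0/1 prediction of whether the target model is robust on it.
gates = {
    "AND": lambda f: f.all(axis=1),        # robust only if every surrogate is robust
    "OR": lambda f: f.any(axis=1),         # robust if at least one surrogate is robust
    "MAJORITY": lambda f: f.sum(axis=1) > f.shape[1] / 2,
}

# Hypothetical ground-truth flags of the (normally inaccessible) target
# model, used here only to show how the approximation could be scored.
target_flags = rng.integers(0, 2, size=1000)

for name, gate in gates.items():
    predicted = gate(surrogate_flags).astype(int)
    estimated = predicted.mean()                       # estimated robust accuracy
    agreement = (predicted == target_flags).mean()     # per-sample agreement
    print(f"{name:8s} estimated robust accuracy = {estimated:.3f}, "
          f"agreement with target = {agreement:.3f}")

In practice the analyst would pick the gate (aggregation function) suggested by the transferability measures and the other information discussed in the abstract, rather than scoring all gates against the target as done above for illustration.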
dc.language.iso en it_IT
dc.publisher Università Ca' Foscari Venezia it_IT
dc.rights © Shehzad Inayat, 2023 it_IT
dc.title Certifying Robustness of Machine Learning Models Utilizing Adversarial Attack Transferability it_IT
dc.title.alternative Certifying Robustness of Machine Learning Models Utilizing Adversarial Attack Transferability it_IT
dc.type Master's Degree Thesis it_IT
dc.degree.name Informatica - computer science it_IT
dc.degree.level Laurea magistrale it_IT
dc.degree.grantor Dipartimento di Scienze Ambientali, Informatica e Statistica it_IT
dc.description.academicyear 2021/2022 - extraordinary session it_IT
dc.rights.accessrights openAccess it_IT
dc.thesis.matricno 888374 it_IT
dc.subject.miur INF/01 INFORMATICA it_IT
dc.description.note it_IT
dc.degree.discipline it_IT
dc.contributor.co-advisor it_IT
dc.date.embargoend it_IT
dc.provenance.upload Shehzad Inayat (888374@stud.unive.it), 2023-02-18 it_IT
dc.provenance.plagiarycheck Stefano Calzavara (stefano.calzavara@unive.it), 2023-03-06 it_IT

