A Game Theoretical vulnerability analysis of Adversarial Attack
Khondker Fariha Hossain1, Alireza Tavakkoli2, and Shamik Sengupta3
University of Nevada, Reno, NV 89557
khondkerfarihah@nevada.unr.edu1, tavakkol@unr.edu2, ssengupta@unr.edu3
Abstract. In recent times deep learning has been widely used for automating various security tasks in cyber domains. However, adversaries manipulate data in many situations and diminish the deployed deep learning model's accuracy. One notable example is fooling CAPTCHA data to access the CAPTCHA-based classifier, leaving the critical system vulnerable to cybersecurity attacks. To alleviate this, we propose a computational framework of game theory to analyze the CAPTCHA-based classifier's vulnerability, strategy, and outcomes by forming a simultaneous two-player game. We apply the Fast Gradient Sign Method (FGSM) and the One Pixel Attack on CAPTCHA data to imitate real-life scenarios of possible cyber-attack. Subsequently, to interpret this scenario from a game theoretical perspective, we represent the interaction as a Stackelberg game in a Kuhn tree to study the players' possible behaviors and actions, using our classifier's actual predicted values. Thus, we interpret potential attacks in deep learning applications while representing viable defense strategies from the game theory perspective.

Keywords: Adversarial Attack · Convolutional Neural Network · Game theory · CAPTCHA.
arXiv:2210.06670v1 [cs.GT] 13 Oct 2022

1 Introduction

In machine learning, a classification model refers to a predictive modeling problem that assumes the training and testing data are generated from the same underlying distribution. But in real life, data evolves, and sometimes malicious instances [1] change the drift of the existing data. These perturbations in the input data make machine learning models vulnerable and result in unusual changes in the output. Though this modification does not affect the human perceptual ability to identify the inputs, deep learning models, on the other hand, are quite susceptible, creating security and safety concerns.

Researchers have suggested many additive defense methods in response to such additive attacks. The current defenses against such attacks are training on modified data focusing on gradient pathways [2], performing different filtering, or removing the adversarial perturbation from the input data [3]. Though the variation of the adversarial attacks (both targeted and non-targeted) changes the metric of the classifier, an attack can be identified by figuring out the perturbation through calculating the gradient. Each time a new attack strategy has been proposed, the defense strategy for such an attack came within a small margin of time. Moreover, novel defenses are being introduced to improve upon existing techniques to fend off each new attack. This back-and-forth game between attack and defense is persistently recurring, without reaching a consensus resolution. As both the attacks and the defenses become more robust, it becomes significant to understand the pattern and behavior of the attacker in order to create a robust defense. Many of the defense techniques incorporate popular decision-making-based frameworks to explore the interactions between the attacker and the defender. One such popular tactic is applying a mathematically based model like Game theory [4]. Game theory is a mathematical framework that analyzes the behavior of the players of the game. In the cyber domain, the players are the attacker and the defender. The tradeoff between the attacker and the defender is the cost of adopting the strategies. In deep learning models, the classifiers are considered the defender, while adversarial attacks play the attacker role. So the computational tradeoff between the adversarial attack and the classifier is distributed based on the gain from the attack.
Game theory has been extensively applied to cybersecurity vulnerabilities [5] to capture the interaction between players quantitatively. Game theory is the study of mathematical models for analyzing the decision-making process of rational agents [6]. Game theory is successfully applied in security-based scenarios, as one of the core qualities of the Game theory perspective is to analyze the cognitive behavior of the players [7]. Before executing a machine learning model for cloud infrastructure, it is required to analyze not only the implementation or computation cost but also the recovery or vulnerability cost. In this setting, Game theory is a suitable solution. Again, though we consider players to be rational in a game theoretic sense, in real life players can be irrational. Moreover, sometimes while designing a game, many auxiliary players that might affect the game's outcome are not included in the strategy. Reinforcement learning is a type of game that helps distinguish different players in real life and is beneficial in real-life scenarios [8].
In this paper, our main contributions can be summarized as follows:

– We empirically show that Deep Neural Networks (DNN) used in cyber domains are vulnerable to adversarial attacks.
– To address this problem, it is vital to do a behavioral analysis of the attacker's and defender's perspectives to come up with a more subtle way of handling these attacks.
2 Methodology
2.1 CNN model and Loss Function
Fig. 1 illustrates the Deep Convolutional Neural Network (CNN) architecture we propose to classify CAPTCHA images. The CNN model takes the CAPTCHA images x as input and predicts the classes of the original input. The model consists of multiple Convolution, Batch-Norm, ReLU, and Fully Connected layers. We use convolution and separable convolution for downsampling three times. For convolution we use kernel size k = 3, stride s = 1 and padding p = 0, except for the downsampling convolution where we use stride s = 2. The convolution layer is succeeded by Batch-normalization, ReLU, and Max-pooling layers. After that, we use one fully connected layer. The encoder consists of 9 convolution layers and four dense layers. The number of features for each layer is [E1; E2; E3; E4; E5; E6; E7; E8; E9; E10] = [32; 32; 64; 64; 128; 128; 256; 64; 32]. We use one output activation: classification with Softmax for four-class prediction. For the classification of the particular characters of the CAPTCHA image, we use categorical cross-entropy [5] as in Eq. 1.

$L_{class}(D) = \sum_{i=0}^{k} y_i \log(y'_i)$ (1)

Fig. 1. Representation of the Stackelberg game for the CNN model, which consists of three combined layers to decode in three steps. The generated CAPTCHA images are the input, while the prediction outputs are the four classes.
2.2 FGSM Attack
To create an adversarial sample, the Fast Gradient Sign Method (FGSM) [9] uses the gradients of the neural network. The attack mechanism is to calculate the gradient of the loss with respect to the input image and use it to create a new image that maximizes the loss [10]. We illustrate the FGSM attack in Fig. 2. The FGSM attack is given in Eq. 2.

$x' = x + \epsilon \cdot \mathrm{sign}(\nabla_x J(\theta, x, y))$ (2)
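As an added worked example (not code from the paper), the FGSM step of Eq. 2 and the cross-entropy of Eq. 1 applied to a constructed softmax-linear stand-in for the CNN with the paper's four-class output; the weights W, b, the clean image x_clean and the epsilon grid are assumed values. It goes one step beyond the text by sweeping epsilon to find the smallest perturbation that flips the label, the robustness measurement a defender would run before deployment.

```python
import numpy as np

def softmax(z):
    z = z - z.max(axis=-1, keepdims=True)   # numerically stable softmax
    e = np.exp(z)
    return e / e.sum(axis=-1, keepdims=True)

def cross_entropy(probs, y_onehot):
    # Eq. 1 (categorical cross-entropy), written with the conventional minus sign
    return float(-np.sum(y_onehot * np.log(probs + 1e-12)))

def predict(x, W, b):
    return int(np.argmax(x @ W + b))

def fgsm(x, y_onehot, W, b, eps):
    # Eq. 2: x' = x + eps * sign(grad_x J(theta, x, y)); pixel values kept in [0, 1]
    probs = softmax(x @ W + b)
    grad_x = W @ (probs - y_onehot)          # dJ/dx for softmax + cross-entropy
    return np.clip(x + eps * np.sign(grad_x), 0.0, 1.0)

def smallest_flipping_eps(x, y_onehot, W, b, eps_grid):
    """Defender's robustness check: first eps in the grid that flips the label, else None."""
    clean = predict(x, W, b)
    for eps in eps_grid:
        if predict(fgsm(x, y_onehot, W, b, eps), W, b) != clean:
            return eps
    return None

# Constructed stand-in for the paper's CNN (assumed values): a 16-"pixel" image and
# 4 classes; class c is evidenced by pixels 4c..4c+3.
W = np.zeros((16, 4))
for c in range(4):
    W[4 * c:4 * c + 4, c] = 3.0
b = np.zeros(4)
x_clean = np.zeros(16)
x_clean[0:4] = 1.0                           # a clean class-0 image
y = np.eye(4)[0]                             # one-hot label for class 0

if __name__ == "__main__":
    for eps in (0.2, 0.6):
        x_adv = fgsm(x_clean, y, W, b, eps)
        print("eps", eps, "clean->", predict(x_clean, W, b), "adv->", predict(x_adv, W, b),
              "loss", round(cross_entropy(softmax(x_clean @ W + b), y), 4),
              "->", round(cross_entropy(softmax(x_adv @ W + b), y), 4))
    print("smallest flipping eps:",
          smallest_flipping_eps(x_clean, y, W, b, [0.1, 0.2, 0.3, 0.4, 0.5, 0.6]))
```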