MISLEAD: Manipulating Importance of Selected features for Learning Epsilon in Evasion Attack Deception
This work addresses security vulnerabilities in ML systems for practitioners, but it is incremental as it builds on existing evasion attack and SHAP methods.
The paper tackles the problem of evasion attacks on machine learning models by proposing a method that uses SHAP for feature importance analysis and an Optimal Epsilon technique with Binary Search to determine minimal perturbations for successful attacks, demonstrating precision in generating adversarial samples across diverse architectures.
Emerging vulnerabilities in machine learning (ML) models due to adversarial attacks raise concerns about their reliability. Specifically, evasion attacks manipulate models by introducing precise perturbations to input data, causing erroneous predictions. To address this, we propose a methodology combining SHapley Additive exPlanations (SHAP) for feature importance analysis with an innovative Optimal Epsilon technique for conducting evasion attacks. Our approach begins with SHAP-based analysis to understand model vulnerabilities, crucial for devising targeted evasion strategies. The Optimal Epsilon technique, employing a Binary Search algorithm, efficiently determines the minimum epsilon needed for successful evasion. Evaluation across diverse machine learning architectures demonstrates the technique's precision in generating adversarial samples, underscoring its efficacy in manipulating model outcomes. This study emphasizes the critical importance of continuous assessment and monitoring to identify and mitigate potential security risks in machine learning systems.