TabAttackBench: A Benchmark for Adversarial Attacks on Tabular Data
This work addresses the vulnerability of tabular machine learning models to adversarial attacks, providing a benchmark for researchers and practitioners in domains like finance and healthcare, though it is incremental as it builds on existing attack methods.
The study tackled the underexplored problem of adversarial attacks on tabular data by introducing a benchmark that evaluates five attack algorithms across four models and eleven datasets, revealing trade-offs between effectiveness and imperceptibility, such as ℓ∞-based attacks achieving higher success but lower subtlety.
Adversarial attacks pose a significant threat to machine learning models by inducing incorrect predictions through imperceptible perturbations to input data. While these attacks are well studied in unstructured domains such as images, their behaviour on tabular data remains underexplored due to mixed feature types and complex inter-feature dependencies. This study introduces a comprehensive benchmark that evaluates adversarial attacks on tabular datasets with respect to both effectiveness and imperceptibility. We assess five white-box attack algorithms (FGSM, BIM, PGD, DeepFool, and C\&W) across four representative models (LR, MLP, TabTransformer and FT-Transformer) using eleven datasets spanning finance, energy, and healthcare domains. The benchmark employs four quantitative imperceptibility metrics (proximity, sparsity, deviation, and sensitivity) to characterise perturbation realism. The analysis quantifies the trade-off between these two aspects and reveals consistent differences between attack types, with $\ell_\infty$-based attacks achieving higher success but lower subtlety, and $\ell_2$-based attacks offering more realistic perturbations. The benchmark findings offer actionable insights for designing more imperceptible adversarial attacks, advancing the understanding of adversarial vulnerability in tabular machine learning.