Attack Transferability Against Information-Theoretic Feature Selection
AffiliationDepartment of Electrical & Computer Engineering, University of Arizona
KeywordsAdversarial Machine Learning
Machine learning algorithms
MetadataShow full item record
CitationGupta, S., Golota, R., & Ditzler, G. (2021). Attack Transferability Against Information-Theoretic Feature Selection. IEEE Access.
RightsCopyright © 2021 The Author(s). This work is licensed under a Creative Commons Attribution 4.0 License.
Collection InformationThis item from the UA Faculty Publications collection is made available by the University of Arizona with support from the University of Arizona Libraries. If you have questions, please contact us at firstname.lastname@example.org.
AbstractMachine learning (ML) is vital to many application-driven fields, such as image and signal classification, cyber-security, and health sciences. Unfortunately, many of these fields can easily have their training data tampered with by an adversary to thwart an ML algorithm’s objective. Further, the adversary can impact any stage in an ML pipeline (e.g., preprocessing, learning, and classification). Recent work has shown that many models can be attacked by poisoning the training data, and the impact of the poisoned data can be quite significant. Prior works on adversarial feature selection have shown that the attacks can damage feature selection (FS). Filter FS algorithms, a type of FS, are widely used for their ability to model nonlinear relationships, classifier independence and lower computational requirements. One important question from the security perspective of these widely used approaches is, whether filter FS algorithms are robust against other FS attacks. In this work, we focus on the task of information-theoretic filter FS such MIM, MIFS, and mRMR, and the impact that gradient-based attack can have on these selections. The experiments on five benchmark datasets demonstrate that the stability of different information-theoretic algorithms can be significantly degraded by injecting poisonous data into the training dataset. CCBY
NoteOpen access journal
VersionFinal published version
Except where otherwise noted, this item's license is described as Copyright © 2021 The Author(s). This work is licensed under a Creative Commons Attribution 4.0 License.