Adequacy of the Gradient-Descent Method for Classifier Evasion Attacks
2017 · Open Access · DOI: https://doi.org/10.48550/arxiv.1704.01704
Despite the wide use of machine learning in adversarial settings including computer security, recent studies have demonstrated vulnerabilities to evasion attacks: carefully crafted adversarial samples that closely resemble legitimate instances, but cause misclassification. In this paper, we examine the adequacy of the leading approach to generating adversarial samples: the gradient descent approach. In particular, (1) we perform extensive experiments on three datasets, MNIST, USPS and Spambase, in order to analyse the effectiveness of the gradient-descent method against non-linear support vector machines, and conclude that carefully reduced kernel smoothness can significantly increase robustness to the attack; (2) we demonstrate that separated inter-class support vectors lead to more secure models, and propose a quantity similar to margin that can efficiently predict potential susceptibility to gradient-descent attacks, before the attack is launched; and (3) we design a new adversarial sample construction algorithm based on optimising the multiplicative ratio of class decision functions.
- Type: preprint
- Language: en
- Landing Page: http://arxiv.org/abs/1704.01704, https://arxiv.org/pdf/1704.01704
- OA Status: green
- Cited By: 2
- References: 35
- Related Works: 10
- OpenAlex ID: https://openalex.org/W2605658383
Raw OpenAlex JSON
- OpenAlex ID: https://openalex.org/W2605658383 (canonical identifier for this work in OpenAlex)
- DOI: https://doi.org/10.48550/arxiv.1704.01704 (Digital Object Identifier)
- Title: Adequacy of the Gradient-Descent Method for Classifier Evasion Attacks (work title)
- Type: preprint (OpenAlex work type)
- Language: en (primary language)
- Publication year: 2017 (year of publication)
- Publication date: 2017-04-06 (full publication date if available)
- Authors: Yi Han, Benjamin I. P. Rubinstein (list of authors in order)
- Landing page: https://arxiv.org/abs/1704.01704 (publisher landing page)
- PDF URL: https://arxiv.org/pdf/1704.01704 (direct link to full text PDF)
- Open access: Yes (whether a free full text is available)
- OA status: green (open access status per OpenAlex)
- OA URL: https://arxiv.org/pdf/1704.01704 (direct OA link when available)
- Concepts: Gradient descent, Classifier (UML), Computer science, Artificial intelligence, Pattern recognition (psychology), Artificial neural network (top concepts, i.e. fields/topics, attached by OpenAlex)
- Cited by: 2 (total citation count in OpenAlex)
- Citations by year (recent): 2021: 1, 2019: 1 (per-year citation counts, last 5 years)
- References (count): 35 (number of works referenced by this work)
- Related works (count): 10 (other works algorithmically related by OpenAlex)
Full payload
| id | https://openalex.org/W2605658383 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.1704.01704 |
| ids.doi | https://doi.org/10.48550/arxiv.1704.01704 |
| ids.mag | 2605658383 |
| ids.openalex | https://openalex.org/W2605658383 |
| fwci | |
| type | preprint |
| title | Adequacy of the Gradient-Descent Method for Classifier Evasion Attacks |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11689 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9995999932289124 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Adversarial Robustness in Machine Learning |
| topics[1].id | https://openalex.org/T11324 |
| topics[1].field.id | https://openalex.org/fields/13 |
| topics[1].field.display_name | Biochemistry, Genetics and Molecular Biology |
| topics[1].score | 0.9857000112533569 |
| topics[1].domain.id | https://openalex.org/domains/1 |
| topics[1].domain.display_name | Life Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1304 |
| topics[1].subfield.display_name | Biophysics |
| topics[1].display_name | Spectroscopy Techniques in Biomedical and Chemical Research |
| topics[2].id | https://openalex.org/T11512 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9430999755859375 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1702 |
| topics[2].subfield.display_name | Artificial Intelligence |
| topics[2].display_name | Anomaly Detection Techniques and Applications |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C153258448 |
| concepts[0].level | 3 |
| concepts[0].score | 0.6154276132583618 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q1199743 |
| concepts[0].display_name | Gradient descent |
| concepts[1].id | https://openalex.org/C95623464 |
| concepts[1].level | 2 |
| concepts[1].score | 0.5022118091583252 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q1096149 |
| concepts[1].display_name | Classifier (UML) |
| concepts[2].id | https://openalex.org/C41008148 |
| concepts[2].level | 0 |
| concepts[2].score | 0.49852800369262695 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[2].display_name | Computer science |
| concepts[3].id | https://openalex.org/C154945302 |
| concepts[3].level | 1 |
| concepts[3].score | 0.45809823274612427 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q11660 |
| concepts[3].display_name | Artificial intelligence |
| concepts[4].id | https://openalex.org/C153180895 |
| concepts[4].level | 2 |
| concepts[4].score | 0.3317890167236328 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q7148389 |
| concepts[4].display_name | Pattern recognition (psychology) |
| concepts[5].id | https://openalex.org/C50644808 |
| concepts[5].level | 2 |
| concepts[5].score | 0.08083143830299377 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q192776 |
| concepts[5].display_name | Artificial neural network |
| keywords[0].id | https://openalex.org/keywords/gradient-descent |
| keywords[0].score | 0.6154276132583618 |
| keywords[0].display_name | Gradient descent |
| keywords[1].id | https://openalex.org/keywords/classifier |
| keywords[1].score | 0.5022118091583252 |
| keywords[1].display_name | Classifier (UML) |
| keywords[2].id | https://openalex.org/keywords/computer-science |
| keywords[2].score | 0.49852800369262695 |
| keywords[2].display_name | Computer science |
| keywords[3].id | https://openalex.org/keywords/artificial-intelligence |
| keywords[3].score | 0.45809823274612427 |
| keywords[3].display_name | Artificial intelligence |
| keywords[4].id | https://openalex.org/keywords/pattern-recognition |
| keywords[4].score | 0.3317890167236328 |
| keywords[4].display_name | Pattern recognition (psychology) |
| keywords[5].id | https://openalex.org/keywords/artificial-neural-network |
| keywords[5].score | 0.08083143830299377 |
| keywords[5].display_name | Artificial neural network |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:1704.01704 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/1704.01704 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/1704.01704 |
| locations[1].id | doi:10.48550/arxiv.1704.01704 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.1704.01704 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5020908862 |
| authorships[0].author.orcid | https://orcid.org/0000-0001-6530-4564 |
| authorships[0].author.display_name | Yi Han |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Yi Han |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5078824132 |
| authorships[1].author.orcid | https://orcid.org/0000-0002-2947-6980 |
| authorships[1].author.display_name | Benjamin I. P. Rubinstein |
| authorships[1].author_position | last |
| authorships[1].raw_author_name | Benjamin I. P. Rubinstein |
| authorships[1].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/1704.01704 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Adequacy of the Gradient-Descent Method for Classifier Evasion Attacks |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11689 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9995999932289124 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Adversarial Robustness in Machine Learning |
| related_works | https://openalex.org/W4391375266, https://openalex.org/W2748952813, https://openalex.org/W2390279801, https://openalex.org/W2358668433, https://openalex.org/W2376932109, https://openalex.org/W2001405890, https://openalex.org/W2382290278, https://openalex.org/W2478288626, https://openalex.org/W2033914206, https://openalex.org/W2042327336 |
| cited_by_count | 2 |
| counts_by_year[0].year | 2021 |
| counts_by_year[0].cited_by_count | 1 |
| counts_by_year[1].year | 2019 |
| counts_by_year[1].cited_by_count | 1 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:1704.01704 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/1704.01704 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/1704.01704 |
| primary_location.id | pmh:oai:arXiv.org:1704.01704 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/1704.01704 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/1704.01704 |
| publication_date | 2017-04-06 |
| publication_year | 2017 |
| referenced_works | https://openalex.org/W2536353943, https://openalex.org/W1883420340, https://openalex.org/W2243397390, https://openalex.org/W2293768274, https://openalex.org/W2180612164, https://openalex.org/W1945616565, https://openalex.org/W2153635508, https://openalex.org/W2963903822, https://openalex.org/W1932198206, https://openalex.org/W2112796928, https://openalex.org/W2095195675, https://openalex.org/W2557044351, https://openalex.org/W2952477728, https://openalex.org/W2274565976, https://openalex.org/W2112507308, https://openalex.org/W2151773168, https://openalex.org/W1966912382, https://openalex.org/W1564743226, https://openalex.org/W2963857521, https://openalex.org/W2103560185, https://openalex.org/W2269778407, https://openalex.org/W2517229335, https://openalex.org/W2230740169, https://openalex.org/W1673923490, https://openalex.org/W9657784, https://openalex.org/W2095577883, https://openalex.org/W2953047670, https://openalex.org/W2151298633, https://openalex.org/W2125908420, https://openalex.org/W2613144983, https://openalex.org/W2300089709, https://openalex.org/W2964082701, https://openalex.org/W2964040467, https://openalex.org/W2007562169, https://openalex.org/W2408141691 |
| referenced_works_count | 35 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 2 |
| sustainable_development_goals[0].id | https://metadata.un.org/sdg/16 |
| sustainable_development_goals[0].score | 0.6700000166893005 |
| sustainable_development_goals[0].display_name | Peace, Justice and strong institutions |
| citation_normalized_percentile |