Few Features Attack to Fool Machine Learning Models through Mask-based GAN

Abstract

GAN (Generative Adversarial Networks, [1]) is a machine-learning-based generative approach, which can create artificial contents such as images, languages and speeches. Recent studies have shown that GAN can also be applied to generate adversarial attack examples ( [2], [3]) to fool the machine-learning models. In comparison with the non-learning adversarial attack examples approaches, the GAN-based adversarial attack example approach can generate the adversarial samples quickly when facing a new sample after training, but meanwhile needs to perturb the attack samples in great quantities. To address this issue, we propose a new approach, named Few-Features-Attack-GAN (FFA-GAN). FFA-GAN has a significant time-consuming advantage than the non-learning adversarial attack samples approaches as it is based on the GAN architecture, and also has a better non-zero-features performance than the GAN-based adversarial sample attack approaches because of the introduction of the mask mechanism in the generator of GAN to confine the perturbations. Experiments are made respectively on the structured data sets KDD-Cup 1999 and CIC-IDS 2017, in which the dimensions of the data are relatively low, and also on the unstructured data sets MNIST and CIFAR-10 in which the data have the relatively high dimensions. The results of the experiments demonstrate the effectiveness and the robustness of our proposed approach.