Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China.
Department of Electrical Engineering, City University of Hong Kong, Hong Kong, China.
Chaos. 2020 Aug;30(8):083102. doi: 10.1063/5.0003707.
Adversarial attacks have been alerting the artificial intelligence community recently since many machine learning algorithms were found vulnerable to malicious attacks. This paper studies adversarial attacks on Broido and Clauset classification for scale-free networks to test its robustness in terms of statistical measures. In addition to the well-known random link rewiring (RLR) attack, two heuristic attacks are formulated and simulated: degree-addition-based link rewiring (DALR) and degree-interval-based link rewiring (DILR). These three strategies are applied to attack a number of strong scale-free networks of various sizes generated from the Barabási-Albert model and the uncorrelated configuration model. It is found that both DALR and DILR are more effective than RLR in the sense that rewiring a smaller number of links can succeed in the same attack. However, DILR is as concealed as RLR in the sense that they both are introducing a relatively small change on several typical structural properties, such as the average shortest path-length, the average clustering coefficient, the average diagonal distance, and the Kolmogorov-Smirnov test of the degree distribution. The results of this paper suggest that to classify a network to be scale-free, one has to be very careful from the viewpoint of adversarial attack effects.
对抗攻击最近引起了人工智能社区的警觉,因为许多机器学习算法被发现容易受到恶意攻击。本文研究了针对无标度网络的 Broido 和 Clauset 分类的对抗攻击,以测试其在统计度量方面的鲁棒性。除了众所周知的随机链路重连(RLR)攻击外,还提出并模拟了两种启发式攻击:基于度增加的链路重连(DALR)和基于度间隔的链路重连(DILR)。这三种策略被应用于攻击来自 Barabási-Albert 模型和非相关配置模型的各种大小的多个强无标度网络。结果发现,在相同的攻击中,DALR 和 DILR 比 RLR 更有效,因为它们只需要重连少量链路即可成功。然而,DILR 在隐蔽性方面与 RLR 相同,因为它们都只在几个典型的结构属性上引入了相对较小的变化,例如平均最短路径长度、平均聚类系数、平均对角距离以及度分布的柯尔莫哥洛夫-斯米尔诺夫检验。本文的结果表明,为了对网络进行无标度分类,必须从对抗攻击效果的角度非常小心。
