A Lipschitz - Shapley Explainable Defense Methodology Against Adversarial Attacks

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 628)

Abstract

Every learning algorithm has a specific bias. This may be due to the choice of its hyperparameters, to the characteristics of its classification methodology, or even to the representation approach of the considered information. As a result, Machine Learning modeling algorithms are vulnerable to specialized attacks. Moreover, the training datasets are not always an accurate image of the real world. Their selection process, and the assumption that they have the same distribution as all the unknown cases, introduce another level of bias. Global and Local Interpretability (GLI) is a very important process that allows the determination of the right architectures to solve Adversarial Attacks (ADA). It contributes towards a holistic view of the Intelligent Model, through which we can determine the most important features and understand the way the decisions are made and the interactions between the involved features. This research paper introduces the innovative hybrid Lipschitz - Shapley approach for Explainable Defence Against Adversarial Attacks. The introduced methodology employs the Lipschitz constant and determines its evolution during the training process of the intelligent model. The use of Shapley Values offers clear explanations for the specific decisions made by the model.

Keywords

  • Explainable AI
  • AI defense
  • Adversarial Attacks
  • Global interpretability
  • Shapley values
  • Lipschitz constraint

Author information

Corresponding author

Correspondence to Konstantinos Demertzis.

Copyright information

© 2021 IFIP International Federation for Information Processing

About this paper

Cite this paper

Demertzis, K., Iliadis, L., Kikiras, P. (2021). A Lipschitz - Shapley Explainable Defense Methodology Against Adversarial Attacks. In: Maglogiannis, I., Macintyre, J., Iliadis, L. (eds) Artificial Intelligence Applications and Innovations. AIAI 2021 IFIP WG 12.5 International Workshops. AIAI 2021. IFIP Advances in Information and Communication Technology, vol 628. Springer, Cham. https://doi.org/10.1007/978-3-030-79157-5_18

  • DOI: https://doi.org/10.1007/978-3-030-79157-5_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-79156-8

  • Online ISBN: 978-3-030-79157-5

  • eBook Packages: Computer Science, Computer Science (R0)