TY - JOUR
T1 - Explaining Vulnerabilities to Adversarial Machine Learning through Visual Analytics
AU - Ma, Yuxin
AU - Xie, Tiankai
AU - Li, Jundong
AU - Maciejewski, Ross
N1 - Funding Information:
This work was supported by the U.S. Department of Homeland Security under Grant Award 2017-ST-061-QA0001. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/1
Y1 - 2020/1
AB - Machine learning models are currently being deployed in a variety of real-world applications where model predictions are used to make decisions about healthcare, bank loans, and numerous other critical tasks. As the deployment of artificial intelligence technologies becomes ubiquitous, it is unsurprising that adversaries have begun developing methods to manipulate machine learning models to their advantage. While the visual analytics community has developed methods for opening the black box of machine learning models, little work has focused on helping users understand their models' vulnerabilities in the context of adversarial attacks. In this paper, we present a visual analytics framework for explaining and exploring model vulnerabilities to adversarial attacks. Our framework employs a multi-faceted visualization scheme designed to support the analysis of data poisoning attacks from the perspectives of models, data instances, features, and local structures. We demonstrate our framework through two case studies on binary classifiers and illustrate model vulnerabilities with respect to varying attack strategies.
KW - Adversarial machine learning
KW - data poisoning
KW - visual analytics
UR - http://www.scopus.com/inward/record.url?scp=85075629564&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85075629564&partnerID=8YFLogxK
U2 - 10.1109/TVCG.2019.2934631
DO - 10.1109/TVCG.2019.2934631
M3 - Article
C2 - 31478859
AN - SCOPUS:85075629564
SN - 1077-2626
VL - 26
SP - 1075
EP - 1085
JO - IEEE Transactions on Visualization and Computer Graphics
JF - IEEE Transactions on Visualization and Computer Graphics
IS - 1
M1 - 8812988
ER -