A Targeted Adversarial Attack on Support Vector Machine Using the Boundary Line

Author

Yessenia Rodriguez, The University of Texas Rio Grande Valley

Date of Award

12-2020

Document Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Dr. Hansheng Lei

Second Advisor

Dr. Fitratullah Khan

Third Advisor

Dr. Mahmoud K. Quweider

Abstract

In this thesis, a targeted adversarial attack is explored on a Support Vector Machine (SVM). SVM is defined by creating a separating boundary between two classes. Using a target class, any input can be modified to cross the “boundary line,” making the model predict the target class. To limit the modification, a percentage of an image of the target class is used to get several random sections. Using these sections, the input will be moved in small steps closer to the boundary point. The section that took the least number of steps to cause the model to predict the target class will be considered the optimal section. This method of attack can lead us to find the predominant features that the SVM uses to classify the target class. This knowledge can be used for further attacks and to find further vulnerabilities of the SVM model.

Comments

Copyright 2020 Yessenia Rodriguez. All Rights Reserved.

https://go.openathens.net/redirector/utrgv.edu?url=https://www.proquest.com/dissertations-theses/targeted-adversarial-attack-on-support-vector/docview/2560025280/se-2?accountid=7119

Recommended Citation

Rodriguez, Yessenia, "A Targeted Adversarial Attack on Support Vector Machine Using the Boundary Line" (2020). Theses and Dissertations. 756.
https://scholarworks.utrgv.edu/etd/756