Marginal Attacks of Generating Adversarial Examples for Spam Filtering

GU Zhaoquan; XIE Yushun; HU Weixiong; YIN Lihua; HAN Yi; TIAN Zhihong

doi:10.1049/cje.2021.05.001

Volume 30 Issue 4

Jul. 2021

Turn off MathJax

Article Contents

Article Navigation > Chinese Journal of Electronics > 2021 > 30(4): 595-602

GU Zhaoquan, XIE Yushun, HU Weixiong, et al., “Marginal Attacks of Generating Adversarial Examples for Spam Filtering,” Chinese Journal of Electronics, vol. 30, no. 4, pp. 595-602, 2021, doi: 10.1049/cje.2021.05.001

Citation:

GU Zhaoquan, XIE Yushun, HU Weixiong, et al., “Marginal Attacks of Generating Adversarial Examples for Spam Filtering,” Chinese Journal of Electronics, vol. 30, no. 4, pp. 595-602, 2021, doi: 10.1049/cje.2021.05.001

Citation:

PDF( 965 KB)

Marginal Attacks of Generating Adversarial Examples for Spam Filtering

doi: 10.1049/cje.2021.05.001

Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China

Funds:

This work is supported by the National Natural Science Foundation of China (No.61902082, No.U20B2046), the Guangdong Province Key Research and Development Plan (No.2019B010136003), the Guangdong Higher Education Innovation Group (No.2020KCXTD007), the Guangzhou Higher Education Innovation Group (No.202032854), and Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme (2019).

Received Date: 2019-10-30
Available Online: 2021-07-19
Publish Date: 2021-07-05

Abstract

Abstract

Digit information has been used in many areas and has been widely spread in the Internet era because of its convenience. However, many ill-disposed attackers, such as spammers take advantage of such convenience to send unsolicited information, such as advertisements, frauds, and pornographic messages to mislead users and this might cause severe consequences. Although many spam filters have been proposed in detecting spams, they are vulnerable and could be misled by some carefully crafted adversarial examples. In this paper, we propose the marginal attack methods of generating such adversarial examples to fool a naive Bayesian spam filter. Specifically, we propose three methods to select sensitive words from a sentence and add them at the end of the sentence. Through extensive experiments, we show that the generated adversarial examples could largely reduce the filter’s detecting accuracy, e.g. by adding only one word, the accuracy could be reduced from 93.6% to 55.8%. Furthermore, we evaluate the transferability of the generated adversarial examples against other traditional filters such as logic regression, decision tree and linear support vector machine based filters. The evaluation results show that these filters’ accuracy is also reduced dramatically; especially, the decision tree based filter’s accuracy drops from 100% to 1.51% by inserting only one word.
- Spam filtering,
- Marginal attack,
- Adversarial example,
- Machine learning

FullText(HTML)

References(38)

References

Akismet, "The harm of spam:July 23, 2013", http://www.securelist.com/en/analysis/204792322/.html, 2019-10-20.

Z. Tian, W. Shi, Y. Wang, et al., "Real time lateral movement detection based on evidence reasoning network for edge computing environment", IEEE Transactions on Industrial Informatics, Vol.15, No.7, pp.4285-4294, 2019.

Z. Tian, S. Su, W. Shi, et al., "A data-driven method for future internet route decision modeling", Future Generation Computer Systems, Vol.95, pp.212-200, 2019.

Z. Tian, C. Luo, J. Qiu, et al., "A distributed deep learning system for web attack detection on edge devices", IEEE Transactions on Industrial Informatics, Vol.16, No.3, pp.1963-1971, 2019.

T. M. Mahmoud and A. M. Mahfouz, "SMS spam filtering technique based on artificial immune system", International Journal of Computer Science Issues, Vol.9, No.2, pp.589-589, 2012.

D. N. Sohn, J. T. Lee and H. C Rim, "The contribution of stylistic information to content-based mobile spam filtering", Proceedings of the ACL-IJCNLP 2009 Conference Short Papers, pp.321-324, 2009.

M. Raissi and G. E. Karniadakis, "Hidden physics models:Machine learning of nonlinear partial differential equations", Journal of Computational Physics, Vol.357, pp.125-141, 2018.

E. G. Dada, J. S. Bassi, H. Chiroma, et al., "Machine learning for email spam filtering:Review, approaches and open research problems", Heliyon,Vol.5, No.6, DOI:10.1016/j.heliyon.2019.e01802, 2019.

J. R. Mendez, T. R. Cotos-Yanez and D. Ruano-Ordas, "A new semantic-based feature selection method for spam filtering", Applied Soft Computing, Vol.76, pp.89-104, 2019.

C. Zhou, J. Zhou, C. Yu, et al., "Multi-channel sliced deep RCNN with residual network for text classification", Chinese Journal of Electronics, Vol.29, No.5, pp.880-886, 2020.

P. K. Roy, J. P. Singh and S. Banerjee, "Deep learning to filter SMS spam", Future Generation Computer Systems, Vol.102, pp.524-533, 2020.

S. Li, R. Li, Y. Xu, et al., "WAF-based chinese character recognition for spam image filtering", Chinese Journal of Electronics, Vol.27, No.5, pp.1050-1055, 2018.

C. Szegedy, W. Zaremba, I. Sutskever, et al., "Intriguing properties of neural networks", arXiv preprint, arXiv:1312.6199, 2013.

Z. Gu, W. Hu, C. Zhang, et al., "Gradient shielding:Towards understanding vulnerability of deep neural networks", IEEE Transactions on Network Science and Engineering, DOI:10.1109/TNSE.2020.2996738, 2020.

Z. Gu, Y. Su, C. Liu, et al., "Adversarial attacks on license plate recognition systems", Computers, Materials & Continua, Vol.65, No.2, pp.1437-1452, 2020.

Z. Gu, Y. Cai, S. Wang, et al., "Adversarial attacks on content-based filtering journal recommender systems", Computers, Materials & Continua, Vol.64, No.3, pp.1755-1770, 2020.

Y. Liu, L. Wei, B. Luo, et al., "Fault injection attack on deep neural network", 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp.131-138, 2020.

L. Huang, A. D. Joseph, B. Nelson, et al., "Adversarial machine learning", Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, pp.43-58, 2011.

J. Han, M. He, M. Feng, et al., "CFAR Block-sparse bayesian learning algorithm for the off-grid DOA estimation with coprime array", Chinese Journal of Electronics, Vol.28, No.4, pp.863-870, 2019.

J. M. Torres, C. I. Comesana, P. J. Garcianieto, et al., "Review:Machine learning techniques applied to cybersecurity", International Journal of Machine Learning and Cybernetics, pp.1-14, 2019.

Y. Liu, L. Wei, B. Luo, et al., "Fault injection attack on deep neural network", 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp.131-138, 2017.

H. Zhang, W. Meng, J. Qi, et al., "Distributed load sharing under false data injection attack in an inverter-based microgrid", IEEE Transactions on Industrial Electronics, Vol.66, No.2, pp.1543-1551, 2018.

M. Granik and V. Mesyura, "Fake news detection using naive bayes classifier", 2017 IEEE First Ukraine Conference on Electrical and Computer Engineering (UKRCON), pp.900-903, 2017.

W. Feng, J. Sun, L. Zhang, et al., "A support vector machine based naive bayes algorithm for spam filtering", 2016 IEEE 35th International Performance Computing and Communications Conference (IPCCC), pp.1-8, 2016.

N. F. Rusland, N. Wahid, S. Kasim, et al., "Analysis of naive bayes algorithm for email spam filtering across multiple data sets", Proceedings of the IOP Conference Series:Materials Science and Engineering, 2017.

L. Dey, S. Chakraborty, A. Biswas, et al., "Sentiment analysis of review data sets using naive bayes and k-NN classifier", arXiv preprint, arXiv:1610.09982, 2016.

A. Goel, J. Gautam and S. Kumar, "Real time sentiment analysis of tweets using naive bayes", 20162nd International Conference on Next Generation Computing Technologies (NGCT), pp.257-261, 2016.

K. Goeschel, "Reducing false positives in intrusion detection systems using data-mining techniques utilizing support vector machines, decision trees, and naive bayes for off-line analysis", SoutheastCon, IEEE, pp.1-6, 2016.

M. Belouch, S. El Hadaj and M. Idhammad, "Performance evaluation of intrusion detection based on machine learning using Apache Spark", Procedia Computer Science, Vol.127, pp.1-6, 2018.

N. Papernot, P. McDaniel and I. Goodfellow, "Transferability in machine learning:From phenomena to black-box attacks using adversarial samples", arXiv preprint arXiv:1605.07277, 2016.

W. Brendel, J. Rauber and M. Bethge, "Decision-based adversarial attacks:Reliable attacks against black-box machine learning models", arXiv preprint, arXiv:1712.04248, 2017.

A. Kurakin, I. Goodfellow and S. Bengio, "Adversarial machine learning at scale", arXiv preprint, arXiv:1611.01236, 2016.

S. M. Devine and N. D. Bastian, "Intelligent systems design for malware classification under adversarial conditions", arXiv preprint, arXiv:1907.03149, 2019.

H. Blockeel, K. Kersting, S. Nijssen, et al., "Evasion attacks against machine learning at test time", Joint European Conference on Machine Learning and Knowledge Discovery in Databases, pp.387-402, 2013.

Z. Fang, W. Han, Y. Li, et al., "Permission based Android security:Issues and countermeasures", Computers and Security, Vol.43, No.43, pp.205-218, 2014.

L. Chen, Y. Ye and T. Bourlai, "Adversarial machine learning in malware detection:Arms race between evasion attack and defense", 2017 European Intelligence and Security Informatics Conference (EISIC), pp.99-106, 2017.

Y. Shi, Y. E. Sagduyu, "Evasion and causative attacks with adversarial deep learning", MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM), pp.243-248, 2017.

Wang Y, Han Y, Bao H, et al., "Attackability characterization of adversarial evasion attack on discrete data", Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, pp.1415-1425, 2020.

Relative Articles

Supplements(0)

Cited By

Proportional views