TY - GEN
T1 - Augmented Tabular Adversarial Evasion Attacks with Constraint Satisfaction Guarantees
AU - Alhussien, Nour
AU - Agrawal, Gagan
AU - Aleroud, Ahmed
N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.
PY - 2025
Y1 - 2025
AB - Evasion attacks are among the most widely studied attacks within the general domain of Adversarial Machine Learning (AML). While there is a very active line of research on generating new, more efficient attacks on unconstrained domains, where attributes of a record can be modified arbitrarily, work on tabular constrained domains is significantly more limited. Specifically, to date, there is no general technique for adapting a given attack generation method to any new tabular constrained domain while ensuring the validity and evasiveness of the generated adversarial examples. Addressing this issue, this paper introduces the Tabular Constraint Guaranteed Evasion (TCGE) algorithm. Our algorithm harnesses the full evasive power of unconstrained attacks by ensuring that the maximum possible perturbation is applied without violating domain constraints, leading to attacks that are both evasive and valid. TCGE accommodates linear, nonlinear, correlated dependencies, and relational constraints. We incorporate TCGE into white-box and black-box threat models in four constrained domains. TCGE shows its plug-and-play compatibility within various existing unconstrained attacks and guarantees the generation of valid evasive adversarial examples without introducing significant time overheads, making TCGE also adaptable for real-time attack generation methods. Despite its generality, TCGE is demonstrated to be more effective and efficient than a specialized attack method for constrained tabular domains.
KW - Adversarial Machine Learning
KW - Constrained Domain
KW - Evasion Attacks
KW - Tabular Attacks
UR - https://www.scopus.com/pages/publications/105014146285
U2 - 10.1007/978-3-032-00627-1_18
DO - 10.1007/978-3-032-00627-1_18
M3 - Conference contribution
SN - 9783032006264
T3 - Lecture Notes in Computer Science
SP - 365
EP - 386
BT - Availability, Reliability and Security - 20th International Conference, ARES 2025, Proceedings
A2 - Dalla Preda, Mila
A2 - Schrittwieser, Sebastian
A2 - Naessens, Vincent
A2 - De Sutter, Bjorn
PB - Springer Science and Business Media Deutschland GmbH
T2 - 20th International Conference on Availability, Reliability and Security, ARES 2025
Y2 - 11 August 2025 through 14 August 2025
ER -