Evasion attacks against machine learning at test time

Abstract. In security-sensitive applications, the success of machine learn-ing depends on a thorough vetting of their resistance to adversarial data. In one pertinent, well-motivated attack scenario, an adversary may at-tempt to evade a deployed system at test time by carefully manipulating attack samples. In this work, we present a simple but effective gradient-based approach that can be exploited to systematically assess the security of several, widely-used classification algorithms against evasion attacks. Following a recently proposed framework for security evaluation, we sim-ulate attack scenarios that exhibit different risk levels for the classifier by increasing the attacker’s knowledge of the system…