Jangseung: A Guardian for Machine Learning Algorithms to Protect Against Poisoning Attacks

Many smart city applications rely on machine learning; however, adversarial perturbations can be injected into training data to cause models to return skewed results. Jangseung is a preprocessor limits the effects of poisoning attacks without impeding on accuracy. Jangseung was created to guard support vector machines from poisoned data by utilizing anomaly detection algorithms. The preprocessor was tested through experiments that utilized two different datasets, the MNIST dataset and the UCI breast cancer Wisconsin (diagnostic) dataset. With both datasets, two identical models were trained and then attacked using the same adversarial points, one with Jangseung protecting it and the other unguarded from attack. In all cases, the protected model out-performed the unprotected model and in the best case scenario, the Jangseung-protected model outperformed the unguarded model by 96.2%. The under-trained, undefended MNIST models had an average accuracy of 53.2%. When Jangseung was present, their identical counterparts had a drastically higher average accuracy at 91.1%. Likewise, in the UCI-Cancer dataset, attack sequences lowered the accuracy of the model to as low as 75.51%, but Jangseung-defended models performed with 88.18% accuracy or better. Jangseung was an effective defense against adversarial perturbations for SVMs using different datasets and anomaly detection algorithms.