Adversarial Example Generation Based on Particle Swarm Optimization

As machine learning is widely applied to various domains, its security vulnerability is also highlighted. A PSO (Particle Swarm Optimization) based adversarial example generation algorithm is proposed to reveal the potential security risks of Support Vector Machine (SVM). The adversarial examples, generated by slightly crafting the legitimate samples, can mislead SVM classifier to give wrong classification results. Using the linear separable property of SVM in high-dimensional feature space, PSO is used to find the salient features, and then the average method is used to map back to the original input space to construct the adversarial example. This method makes full use of the easily finding salient features of linear models in the feature space, and the interpretable advantages of the original input space. Experimental results show that the proposed method can fool SVM classifier by using the adversarial example generated by less than 7 % small perturbation, thus proving that SVM has obvious security vulnerability.