From Event: SPIE Defense + Commercial Sensing, 2019
Raman spectra were perturbed such that an intentional misclassification was induced when using a dimension reduction classifier such as linear discriminate analysis (LDA). These perturbations were primarily targeted at patterning the noise within the spectra such that detection is difficult to detect by visual inspection. Data-intensive decisions are increasingly important to mine the increasing volume of information accessible by modern instrumentation. These decisions are conceptually performed through projection of measurements on high dimensional manifolds to low-dimensional outcomes. This dimension reduction provides suppression of stochastic random noise to better inform the decision. However, non-stochastic patterning of the “noise” can induce intentional misclassification that is difficult to easily detect by visual inspection. Such digital attacks could result in intentional changes in decisions made from many routine automated classifiers. Preliminary results using Raman spectra showed that misclassification can be induced by picking a target classification and patterning the noise in the spectra such that in a reduced dimensional space, it is moved towards the target classification. Development of approaches for optimizing the attacks serves as a prelude for generation of robust classification strategies less susceptible to intentional attacks.
© (2019) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Casey Smith, Youlin Liu, and Garth J. Simpson, "Defense against adversarial spectroscopic attacks (Conference Presentation)," Proc. SPIE 10989, Big Data: Learning, Analytics, and Applications, 109890F (Presented at SPIE Defense + Commercial Sensing: April 18, 2019; Published: 13 May 2019);