Fast Adversarial Label-Flipping Attack on Tabular Data

TL;DR

This paper introduces FALFA, a fast and efficient adversarial label-flipping attack on tabular data, revealing significant vulnerabilities in machine learning models used in critical fields like cybersecurity.

Contribution

The paper presents FALFA, a novel linear programming-based attack method that efficiently crafts adversarial labels, exposing weaknesses in existing defenses for tabular data models.

Findings

FALFA outperforms existing attacks in effectiveness on real datasets.

Label-flipping attacks can significantly degrade model performance.

Tabular data models are highly vulnerable to adversarial label manipulation.

Abstract

Machine learning models are increasingly used in fields that require high reliability such as cybersecurity. However, these models remain vulnerable to various attacks, among which the adversarial label-flipping attack poses significant threats. In label-flipping attacks, the adversary maliciously flips a portion of training labels to compromise the machine learning model. This paper raises significant concerns as these attacks can camouflage a highly skewed dataset as an easily solvable classification problem, often misleading machine learning practitioners into lower defenses and miscalculations of potential risks. This concern amplifies in tabular data settings, where identifying true labels requires expertise, allowing malicious label-flipping attacks to easily slip under the radar. To demonstrate this risk is inherited in the adversary's objective, we propose FALFA (Fast Adversarial Label-Flipping Attack), a novel efficient attack for crafting adversarial labels. FALFA is based on transforming the adversary's objective and employs linear programming to reduce computational complexity. Using ten real-world tabular datasets, we demonstrate FALFA's superior attack potential, highlighting the need for robust defenses against such threats.