Adversarial Attacks on Machine Learning-Aided Visualizations
Takanori Fujiwara, Kostiantyn Kucher, Junpeng Wang, Rafael M. Martins, Andreas Kerren, Anders Ynnerman

TL;DR
This paper explores the vulnerabilities of ML-assisted visualizations to adversarial attacks, demonstrating how malicious manipulations can deceive analysts and emphasizing the need for security defenses in ML4VIS.
Contribution
It provides a comprehensive analysis of attack surfaces and exemplifies five different adversarial attacks on ML-aided visualizations, highlighting security concerns.
Findings
Adversaries can create deceptive visualizations by exploiting ML input attributes.
Five distinct adversarial attack methods are demonstrated.
Security vulnerabilities in ML4VIS are significant and underexplored.
Abstract
Research in ML4VIS investigates how to use machine learning (ML) techniques to generate visualizations, and the field is rapidly growing with high societal impact. However, as with any computational pipeline that employs ML processes, ML4VIS approaches are susceptible to a range of ML-specific adversarial attacks. These attacks can manipulate visualization generations, causing analysts to be tricked and their judgments to be impaired. Due to a lack of synthesis from both visualization and ML perspectives, this security aspect is largely overlooked by the current ML4VIS literature. To bridge this gap, we investigate the potential vulnerabilities of ML-aided visualizations from adversarial attacks using a holistic lens of both visualization and ML perspectives. We first identify the attack surface (i.e., attack entry points) that is unique in ML-aided visualizations. We then exemplify…
