TabAttackBench: A Benchmark for Adversarial Attacks on Tabular Data

arXiv.org Artificial Intelligence

However, with these advancements comes increasing concern about the robustness and security of models, particularly in the context of adversarial attacks. Adversarial attacks involve the intentional manipulation of input data to deceive machine learning models, causing incorrect or misleading outputs (Szegedy et al., 2014). This area of research has drawn significant attention as researchers strive to understand and mitigate the vulnerabilities in various types of data and models. In Computer Vision (CV), adversarial perturbations to images take the form of pixel intensity modifications (Weng et al., 2024), spatial transformations (Aydin & Temizel, 2023), texture perturbations (Geirhos et al., 2018), and localised patches (Wang et al., 2025) that cause dramatic misclassifications while remaining visually imperceptible. Similarly, in Natural Language Processing (Zhang et al., 2020), attacks typically involve word substitutions (Yang et al., 2023), character-level modifications (Rocamora et al., 2024), or syntactic transformations (Asl et al., 2024) that preserve semantic meaning while fooling text classifiers (Gao et al., 2024). Adversarial vulnerabilities have also been demonstrated in audio processing (Noureddine et al., 2023) through amplitude modifications (Ko et al., 2023), frequency perturbations (Abdullah et al., 2019), and psychoacoustic masking (Qin et al., 2019) that cause speech recognition systems to misinterpret commands. By addressing the vulnerabilities in these types of data, researchers aim to develop more robust and secure machine learning systems across various domains.


Assessing the Resilience of Automotive Intrusion Detection Systems to Adversarial Manipulation

arXiv.org Artificial Intelligence

The security of modern vehicles has become increasingly important, with the controller area network (CAN) bus serving as a critical communication backbone for various Electronic Control Units (ECUs). The absence of robust security measures in CAN, coupled with the increasing connectivity of vehicles, makes them susceptible to cyberattacks. While intrusion detection systems (IDSs) have been developed to counter such threats, they are not foolproof. Adversarial attacks, particularly evasion attacks, can manipulate inputs to bypass detection by IDSs. This paper extends our previous work by investigating the feasibility and impact of gradient-based adversarial attacks performed with different degrees of knowledge against automotive IDSs. We consider three scenarios: white-box (attacker with full system knowledge), grey-box (partial system knowledge), and the more realistic black-box (no knowledge of the IDS's internal workings or data). We evaluate the effectiveness of the proposed attacks against state-of-the-art IDSs on two publicly available datasets. Additionally, we study the effect of the size of the adversarial perturbation on the attack's impact and evaluate real-time feasibility by precomputing evasive payloads for timed injection based on bus traffic. Our results demonstrate that, although the constraints of the automotive domain make such attacks challenging, their effectiveness is strongly dependent on the dataset quality, the target IDS, and the attacker's degree of knowledge.
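To make the attack model in this abstract concrete, the following is an added, self-contained illustration; it is not the paper's code and uses none of its models or datasets. It constructs a toy logistic-regression "IDS" over the eight payload bytes of a CAN frame, a constructed "unlock" command frame whose bytes 0-1 are assumed to carry the command and whose bytes 2-7 are assumed to be padding the receiving ECU ignores, and two attacker knowledge levels: white-box (exact gradient of the model) and a simplified black-box (score-only oracle, gradient estimated by probing each mutable byte by one unit up and down). Both run through the same iterative signed-gradient step with the CAN payload constraints enforced by projection (integer bytes in 0..255, command bytes untouched, per-byte budget), and the result reports the smallest L-infinity perturbation that evaded detection and, for the black-box case, how many oracle queries it cost. All weights, frames and constraints are constructed for the demo.

```python
"""Constructed white-box vs black-box gradient evasion of a toy CAN payload IDS.

Added illustration only: the classifier, its weights, the frame and the domain
constraints below are all invented here and are not the paper's code or data.
"""
import math

# Toy IDS: logistic regression over the 8 payload bytes of a CAN frame, each
# byte scaled to [0, 1]. Weights are hand-picked for the demo, not trained.
TOY_WEIGHTS = [12.0, 4.0, -1.5, -1.5, -1.0, -1.0, -1.0, -1.0]
TOY_BIAS = -0.6
THRESHOLD = 0.5  # flag when P(attack) >= 0.5, i.e. when the logit is >= 0

# Constructed "unlock" command frame: bytes 0-1 are assumed to carry the command
# and its argument, bytes 2-7 are assumed to be padding the receiving ECU ignores.
UNLOCK_PAYLOAD = [0x10, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
PADDING_BYTES = [2, 3, 4, 5, 6, 7]


def ids_logit(payload):
    return TOY_BIAS + sum(w * b / 255.0 for w, b in zip(TOY_WEIGHTS, payload))


def ids_score(payload):
    """P(attack) for one 8-byte payload given as a list of ints in 0..255."""
    return 1.0 / (1.0 + math.exp(-ids_logit(payload)))


def flagged(payload):
    return ids_score(payload) >= THRESHOLD


def whitebox_gradient(payload):
    """d logit / d byte_i with full model knowledge. For this linear model the
    gradient does not depend on the input; the sigmoid is monotone, so its sign
    equals the sign of d score / d byte_i, which is all the signed step needs."""
    return [w / 255.0 for w in TOY_WEIGHTS]


def make_blackbox_gradient(oracle, mutable):
    """Score-only attacker: estimate d score / d byte_i by central differences,
    probing each mutable byte at +1 and -1 (one-sided at 0 or 255).
    Only the probing queries are counted; the per-iteration stop check in
    evade() would cost one more query each in practice.
    Returns (grad_fn, query_counter)."""
    queries = [0]

    def grad_fn(payload):
        g = [0.0] * len(payload)
        for i in mutable:
            up, dn = list(payload), list(payload)
            up[i] = min(255, payload[i] + 1)
            dn[i] = max(0, payload[i] - 1)
            queries[0] += 2
            span = up[i] - dn[i]
            g[i] = (oracle(up) - oracle(dn)) / span if span else 0.0
        return g

    return grad_fn, queries


def evade(payload, mutable, grad_fn, max_eps=16):
    """Iterative signed-gradient evasion under CAN payload constraints.

    mutable : byte indices the attacker may change; all others must survive
              intact or the injected command loses its effect.
    max_eps : per-byte L-inf budget in raw byte units.
    Each iteration moves every mutable byte one unit against the gradient and
    projects back onto integer bytes in [0, 255] inside the budget, stopping
    as soon as the IDS no longer flags the frame.
    Returns (adversarial_payload, still_flagged, linf_used).
    """
    adv = list(payload)
    for _ in range(max_eps):
        if not flagged(adv):
            break
        g = grad_fn(adv)
        for i in mutable:
            if g[i] == 0.0:
                continue
            step = -1 if g[i] > 0 else 1  # move to decrease the attack score
            lo = max(0, payload[i] - max_eps)
            hi = min(255, payload[i] + max_eps)
            adv[i] = min(hi, max(lo, adv[i] + step))
    linf = max(abs(a - b) for a, b in zip(adv, payload))
    return adv, flagged(adv), linf


def run_demo():
    """Run both knowledge levels against the constructed frame."""
    adv_w, flag_w, linf_w = evade(UNLOCK_PAYLOAD, PADDING_BYTES, whitebox_gradient)

    def oracle(p):  # the only thing the black-box attacker can see
        return ids_score(p)

    bb_grad, queries = make_blackbox_gradient(oracle, PADDING_BYTES)
    adv_b, flag_b, linf_b = evade(UNLOCK_PAYLOAD, PADDING_BYTES, bb_grad)
    return {
        "original_flagged": flagged(UNLOCK_PAYLOAD),
        "whitebox": {"payload": adv_w, "flagged": flag_w, "linf": linf_w},
        "blackbox": {"payload": adv_b, "flagged": flag_b, "linf": linf_b,
                     "queries": queries[0]},
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Both attackers arrive at the same evasive frame (padding bytes raised by 7) because the sigmoid is monotone, so the sign of the finite-difference estimate matches the sign of the true gradient; the difference is cost, with the black-box attacker spending twelve score queries per iteration. Note that the abstract's black-box scenario assumes no knowledge of the IDS's internals or data, and a score-returning oracle is a simplifying assumption made here for illustration only; the immutable command bytes and the per-byte budget stand in for the domain constraints the abstract says make these attacks hard in practice.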