
Deep generative models as an adversarial attack strategy for tabular machine learning

Salijona Dyrmishi, Mihaela Cătălina Stoian, Eleonora Giunchiglia, Maxime Cordy

TL;DR

The paper tackles the vulnerability of tabular ML models to adversarial inputs generated by deep generative models. It adapts four tabular DGMs into AdvDGMs and adds a differentiable constraint repair layer to enforce domain constraints, yielding C-AdvDGM and P-AdvDGM variants. Empirically, AdvWGAN achieves strong attack success (up to 95% ASR on Heloc with TabTransformer), and incorporating the constraint layer improves ASR with minimal sampling-time overhead. These results underscore the importance of domain-aware realism in adversarial testing of real-world tabular systems, and the authors provide publicly available code and data for reproducibility.

Abstract

Deep Generative Models (DGMs) have found application in computer vision for generating adversarial examples to test the robustness of machine learning (ML) systems. Extending these adversarial techniques to tabular ML presents unique challenges due to the distinct nature of tabular data and the necessity to preserve domain constraints in adversarial examples. In this paper, we adapt four popular tabular DGMs into adversarial DGMs (AdvDGMs) and evaluate their effectiveness in generating realistic adversarial examples that conform to domain constraints.
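The TL;DR and abstract both turn on one point: an adversarial row that breaks the domain's constraints (negative debt, debt above income, an impossible date) is not a real threat, so attack success should be measured on rows that a repair layer has forced back into the feasible region. The Python below is an added illustration of that measurement, not code from the paper or from the authors' AdvDGM implementation. The toy credit table, the linear "approve" target model, the three domain constraints and the single gradient-sign step that stands in for the generator are all invented here; only the structure (generate candidates, repair them with differentiable operations, report constraint violations and ASR before and after repair) reflects what the page describes.

```python
import numpy as np

# Constructed toy credit table (values invented for illustration); columns are
# [income, debt, months_since_delinquency].
X = np.array([
    [50000.0, 20000.0, 12.0],
    [30000.0, 25000.0, 3.0],
    [80000.0, 10000.0, 36.0],
    [8000.0, 7000.0, 0.0],
])

# Assumed domain constraints (illustrative, not taken from the paper):
#   income >= 0, debt >= 0, months_since_delinquency >= 0, and debt <= income.
LOWER = np.array([0.0, 0.0, 0.0])

# Toy linear "approve" classifier standing in for the target tabular model.
W = np.array([1e-4, -1e-4, 0.02])
B = -2.0
TARGET_CLASS = 1  # the attacker wants every row classified as "approve"


def predict(x):
    """Return the 0/1 labels the toy target model assigns to the rows of x."""
    return (x @ W + B > 0).astype(int)


def violation_rate(x):
    """Fraction of rows that break at least one of the assumed constraints."""
    below_lower = (x < LOWER).any(axis=1)
    debt_over_income = x[:, 1] > x[:, 0]
    return float((below_lower | debt_over_income).mean())


def repair(x):
    """Constraint-repair layer: map every row onto the feasible region.

    Only clip/min/max are used. They are piecewise linear and hence
    differentiable almost everywhere, so the same operations can sit after a
    generator's output layer and be trained through. Rows that already satisfy
    the constraints pass through unchanged.
    """
    y = np.maximum(x, LOWER)                # enforce the lower bounds
    y[:, 1] = np.minimum(y[:, 1], y[:, 0])  # enforce debt <= income
    return y


def perturb(x, steps):
    """One gradient-sign step against the (white-box) linear target model.

    This stands in for whatever generator produces candidate adversarial rows;
    for a linear model the gradient of the score is simply W.
    """
    return x + steps * np.sign(W)


def attack_success_rate(x_adv):
    """Share of candidate rows the target model assigns the attacker's class."""
    return float((predict(x_adv) == TARGET_CLASS).mean())


def run_attack(x=X, steps=(10000.0, 20000.0, 6.0)):
    """Generate candidates, then report ASR and violations raw vs repaired."""
    raw = perturb(x, np.array(steps))
    fixed = repair(raw)
    return {
        "raw_asr": attack_success_rate(raw),
        "raw_violations": violation_rate(raw),
        "repaired_asr": attack_success_rate(fixed),
        "repaired_violations": violation_rate(fixed),
    }


if __name__ == "__main__":
    print(run_attack())
```

On this toy table the raw candidates flip every row to "approve", but half of them do so by driving debt negative, which no real applicant can submit. After repair the violation rate is zero and the ASR drops to 0.75, because the low-income row only succeeded by violating a constraint. That gap is the reason to report ASR on repaired rows only; the page's C-AdvDGM and P-AdvDGM variants differ in whether the layer is applied during generator training or as post-processing, and the TL;DR notes that the trained-through variant improves ASR rather than losing it.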

Paper Structure (15 sections, 6 equations, 1 figure, 3 tables)