Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Generating Realistic Adversarial Examples for Business Processes using Variational Autoencoders

Alexander Stevens, Jari Peeperkorn, Johannes De Smedt, Jochen De Weerdt

TL;DR

This paper introduces two novel latent space attacks, which generate adversaries by adding noise to the latent space representation of the input data, rather than directly modifying the input attributes.

Abstract

In predictive process monitoring, predictive models are vulnerable to adversarial attacks, where input perturbations can lead to incorrect predictions. Unlike in computer vision, where these perturbations are designed to be imperceptible to the human eye, the generation of adversarial examples in predictive process monitoring poses unique challenges. Minor changes to the activity sequences can create improbable or even impossible scenarios to occur due to underlying constraints such as regulatory rules or process constraints. To address this, we focus on generating realistic adversarial examples tailored to the business process context, in contrast to the imperceptible, pixel-level changes commonly seen in computer vision adversarial attacks. This paper introduces two novel latent space attacks, which generate adversaries by adding noise to the latent space representation of the input data, rather than directly modifying the input attributes. These latent space methods are domain-agnostic and do not rely on process-specific knowledge, as we restrict the generation of adversarial examples to the learned class-specific data distributions by directly perturbing the latent space representation of the business process executions. We evaluate these two latent space methods with six other adversarial attacking methods on eleven real-life event logs and four predictive models. The first three attacking methods directly permute the activities of the historically observed business process executions. The fourth method constrains the adversarial examples to lie within the same data distribution as the original instances, by projecting the adversarial examples to the original data distribution.

Generating Realistic Adversarial Examples for Business Processes using Variational Autoencoders

TL;DR

This paper introduces two novel latent space attacks, which generate adversaries by adding noise to the latent space representation of the input data, rather than directly modifying the input attributes.

Abstract

In predictive process monitoring, predictive models are vulnerable to adversarial attacks, where input perturbations can lead to incorrect predictions. Unlike in computer vision, where these perturbations are designed to be imperceptible to the human eye, the generation of adversarial examples in predictive process monitoring poses unique challenges. Minor changes to the activity sequences can create improbable or even impossible scenarios to occur due to underlying constraints such as regulatory rules or process constraints. To address this, we focus on generating realistic adversarial examples tailored to the business process context, in contrast to the imperceptible, pixel-level changes commonly seen in computer vision adversarial attacks. This paper introduces two novel latent space attacks, which generate adversaries by adding noise to the latent space representation of the input data, rather than directly modifying the input attributes. These latent space methods are domain-agnostic and do not rely on process-specific knowledge, as we restrict the generation of adversarial examples to the learned class-specific data distributions by directly perturbing the latent space representation of the business process executions. We evaluate these two latent space methods with six other adversarial attacking methods on eleven real-life event logs and four predictive models. The first three attacking methods directly permute the activities of the historically observed business process executions. The fourth method constrains the adversarial examples to lie within the same data distribution as the original instances, by projecting the adversarial examples to the original data distribution.

Paper Structure

This paper contains 26 sections, 5 equations, 10 figures, 4 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background
  3. Predictive Process Monitoring
  4. Adversarial Machine Learning
  5. Manifold Learning
  6. Generating Adversarial Examples for Outcome-Oriented Predictive Process Monitoring
  7. Adversarial Example Generation
  8. Closest Adversarial Example Selection
  9. Class Label Prediction of Adversarial Examples
  10. Experimental Setup
  11. Event Logs
  12. Benchmark Models
  13. Implementation
  14. Train-test Split
  15. Preprocessing Steps
  16. ...and 11 more sections

Figures (10)

  • Figure 1: An illustrative example of adversarial examples in latent space. This simplified scenario assumes two perfectly separated data distributions.
  • Figure 2: A taxonomy of adversarial attacks and adversarial defenses in AML. This figure is adapted from usama2019adversarial.
  • Figure 3: Illustration of (1.A) the regular adversarial attack introduced by stevens2022assessing, and (1.B) the manifold-projected adversarial attack as described by stevens2023manifold.
  • Figure 4: Illustration of (1.C) the latent sampling attack, which uses the stochasticity of the reparameterization trick to generate adversarial examples, and (1.D) the newly introduced gradient steps attacking strategy, which uses the gradients of the classifier to walk in the latent space, across the decision boundary.
  • Figure 5: An illustrative example of adversarial examples in latent space. Note that projecting the regular adversarial example to the distribution does not ensure a minimal distance to the original example (in the latent space).
  • ...and 5 more figures