Research in ML4VIS investigates how to use machine learning (ML) techniques
to generate visualizations, and the field is rapidly growing with high societal
impact. However, as with any computational pipeline that employs ML processes,
ML4VIS approaches are susceptible to a range of ML-specific adversarial
attacks. These attacks can manipulate the generated visualizations, deceiving
analysts and impairing their judgment. Due to a lack of
synthesis from both visualization and ML perspectives, this security aspect is
largely overlooked by the current ML4VIS literature. To bridge this gap, we
investigate the potential vulnerabilities of ML-aided visualizations to
adversarial attacks using a holistic lens of both visualization and ML
perspectives. We first identify the attack surface (i.e., attack entry points)
that is unique to ML-aided visualizations. We then exemplify five different
adversarial attacks. These examples highlight the range of possible attacks
when considering the attack surface and multiple different adversary
capabilities. Our results show that adversaries can induce various attacks,
such as creating arbitrary and deceptive visualizations, by systematically
identifying input attributes that are influential in ML inferences. Based on
our observations of the attack surface characteristics and the attack examples,
we underline the importance of comprehensive studies of security issues and
defense mechanisms as a call of urgency for the ML4VIS community.
External datasets
Wine dataset
Gapminder dataset