Adversarial Attacks on Machine Learning-Aided VisualizationsShow others and affiliations
2024 (English)In: Journal of Visualization, ISSN 1343-8875, E-ISSN 1875-8975Article in journal (Refereed) Epub ahead of print
Abstract [en]
Research in ML4VIS investigates how to use machine learning (ML) techniques to generate visualizations, and the field is rapidly growing with high societal impact. However, as with any computational pipeline that employs ML processes, ML4VIS approaches are susceptible to a range of ML-specific adversarial attacks. These attacks can manipulate visualization generations, causing analysts to be tricked and their judgments to be impaired. Due to a lack of synthesis from both visualization and ML perspectives, this security aspect is largely overlooked by the current ML4VIS literature. To bridge this gap, we investigate the potential vulnerabilities of ML-aided visualizations from adversarial attacks using a holistic lens of both visualization and ML perspectives. We first identify the attack surface (i.e., attack entry points) that is unique in ML-aided visualizations. We then exemplify five different adversarial attacks. These examples highlight the range of possible attacks when considering the attack surface and multiple different adversary capabilities. Our results show that adversaries can induce various attacks, such as creating arbitrary and deceptive visualizations, by systematically identifying input attributes that are influential in ML inferences. Based on our observations of the attack surface characteristics and the attack examples, we underline the importance of comprehensive studies of security issues and defense mechanisms as a call of urgency for the ML4VIS community.
Place, publisher, year, edition, pages
Springer, 2024.
Keywords [en]
ML4VIS, AI4VIS, Visualization, Cybersecurity, Neural networks, Parametric dimensionality reduction, Chart recommendation
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:liu:diva-207771DOI: 10.1007/s12650-024-01029-2ISI: 001316813100001OAI: oai:DiVA.org:liu-207771DiVA, id: diva2:1899989
Funder
Knut and Alice Wallenberg Foundation, 2019.0024ELLIIT - The Linköping‐Lund Initiative on IT and Mobile Communications
Note
Funding Agencies|Knut and Alice Wallenberg Foundation [KAW 2019.0024]; ELLIIT environment for strategic research in Sweden
2024-09-212024-09-212024-10-07