{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,2]],"date-time":"2025-10-02T00:38:56Z","timestamp":1759365536889,"version":"build-2065373602"},"reference-count":31,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["www.mdpi.com"],"crossmark-restriction":true},"short-container-title":["MAKE"],"abstract":"<jats:p>Adversarial attacks involve malicious actors introducing intentional perturbations to machine learning (ML) models, causing unintended behavior. This poses a significant threat to the integrity and trustworthiness of ML models, necessitating the development of robust detection techniques to protect systems from potential threats. The paper proposes a new approach for detecting adversarial attacks using a surrogate model and diagnostic attributes. The method was tested on 22 tabular datasets on which four different ML models were trained. Furthermore, various attacks were conducted, which led to obtaining perturbed data. The proposed approach is characterized by high efficiency in detecting known and unknown attacks\u2014balanced accuracy was above 0.94, with very low false negative rates (0.02\u20130.10) for binary detection. Sensitivity analysis shows that classifiers trained based on diagnostic attributes can detect even very subtle adversarial attacks.<\/jats:p>","DOI":"10.3390\/make7040112","type":"journal-article","created":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T07:58:13Z","timestamp":1759305493000},"page":"112","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Adversarial Attacks Detection Method for Tabular Data"],"prefix":"10.3390","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1201-5344","authenticated-orcid":false,"given":"\u0141ukasz","family":"Wawrowski","sequence":"first","affiliation":[{"name":"Institute of Computer Science, University of Silesia, Bedzinska 39, 41-200 Sosnowiec, Poland"},{"name":"Institute of Artificial Intelligence and Cybersecurity, Research Network \u0141ukasiewicz, ul. Leopolda 31, 40-189 Katowice, Poland"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-5837-7891","authenticated-orcid":false,"given":"Piotr","family":"Biczyk","sequence":"additional","affiliation":[{"name":"Faculty of Automatic Control, Electronics and Computer Science, Silesian University of Technology, Akademicka 16, 44-100 Gliwice, Poland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2453-4974","authenticated-orcid":false,"given":"Dominik","family":"\u015al\u0119zak","sequence":"additional","affiliation":[{"name":"Institute of Informatics, University of Warsaw, Banacha 2, 02-097 Warsaw, Poland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2393-9761","authenticated-orcid":false,"given":"Marek","family":"Sikora","sequence":"additional","affiliation":[{"name":"Faculty of Automatic Control, Electronics and Computer Science, Silesian University of Technology, Akademicka 16, 44-100 Gliwice, Poland"}]}],"member":"1968","published-online":{"date-parts":[[2025,10,1]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Lowd, D., and Meek, C. (2005, January 21\u201324). Adversarial learning. Proceedings of the Eleventh ACM SIGKDD International Conference on Knowledge Discovery in Data Mining, Chicago, IL, USA.","DOI":"10.1145\/1081870.1081950"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"1287","DOI":"10.1126\/science.aaw4399","article-title":"Adversarial attacks on medical machine learning","volume":"363","author":"Finlayson","year":"2019","journal-title":"Science"},{"key":"ref_3","unstructured":"Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., and Fergus, R. (2014). Intriguing properties of neural networks. arXiv."},{"key":"ref_4","unstructured":"Goodfellow, I.J., Shlens, J., and Szegedy, C. (2015). Explaining and Harnessing Adversarial Examples. arXiv."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Kireev, K., Kulynych, B., and Troncoso, C. (2023). Adversarial Robustness for Tabular Data through Cost and Utility Awareness. arXiv.","DOI":"10.14722\/ndss.2023.24924"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"110285","DOI":"10.1016\/j.asoc.2023.110285","article-title":"BrightBox\u2014A rough set based technology for diagnosing mistakes of machine learning models","volume":"141","author":"Janusz","year":"2023","journal-title":"Appl. Soft Comput."},{"key":"ref_7","unstructured":"Biczyk, P., and Wawrowski, \u0141. (2023, January 17\u201320). Towards automated detection of adversarial attacks on tabular data. Proceedings of the 2023 18th Conference on Computer Science and Intelligence Systems (FedCSIS), Warsaw, Poland."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Biczyk, P., and Wawrowski, \u0141. (2023). Detecting and Isolating Adversarial Attacks Using Characteristics of the Surrogate Model Framework. Appl. Sci., 13.","DOI":"10.3390\/app13179698"},{"key":"ref_9","unstructured":"Amodei, D., Olah, C., Steinhardt, J., Christiano, P., Schulman, J., and Man\u00e9, D. (2016). Concrete Problems in AI Safety. arXiv."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1016\/j.patcog.2018.07.023","article-title":"Wild patterns: Ten years after the rise of adversarial machine learning","volume":"84","author":"Biggio","year":"2018","journal-title":"Pattern Recognit."},{"key":"ref_11","unstructured":"Kaufmann, M., Kang, D., Sun, Y., Basart, S., Yin, X., Mazeika, M., Arora, A., Dziedzic, A., Boenisch, F., and Brown, T. (2023). Testing Robustness Against Unforeseen Adversaries. arXiv."},{"key":"ref_12","unstructured":"Papernot, N., McDaniel, P., and Goodfellow, I. (2016). Transferability in Machine Learning: From Phenomena to Black-Box Attacks using Adversarial Samples. arXiv."},{"key":"ref_13","unstructured":"Huang, S., Papernot, N., Goodfellow, I., Duan, Y., and Abbeel, P. (2017). Adversarial Attacks on Neural Network Policies. arXiv."},{"key":"ref_14","unstructured":"Kantchelian, A., Tygar, J.D., and Joseph, A. (2016, January 20\u201322). Evasion and hardening of tree ensemble classifiers. Proceedings of the International Conference on Machine Learning, PMLR, New York, NY, USA."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Pierazzi, F., Pendlebury, F., Cortellazzi, J., and Cavallaro, L. (2020, January 18\u201320). Intriguing Properties of Adversarial ML Attacks in the Problem Space. Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP40000.2020.00073"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Eykholt, K., Evtimov, I., Fernandes, E., Li, B., Rahmati, A., Xiao, C., Prakash, A., Kohno, T., and Song, D. (2018). Robust Physical-World Attacks on Deep Learning Models. arXiv.","DOI":"10.1109\/CVPR.2018.00175"},{"key":"ref_17","unstructured":"Bailey, M., Holz, T., Stamatogiannakis, M., and Ioannidis, S. (2018, January 10\u201312). Generic Black-Box End-to-End Attack Against State of the Art API Call Based Malware Classifiers. Proceedings of the Research in Attacks, Intrusions, and Defenses, Crete, Greece."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"711","DOI":"10.1109\/TDSC.2017.2700270","article-title":"Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection","volume":"16","author":"Demontis","year":"2019","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Jagielski, M., Oprea, A., Biggio, B., Liu, C., Nita-Rotaru, C., and Li, B. (2018, January 21\u201323). Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP.2018.00057"},{"key":"ref_20","first-page":"200461","article-title":"Investigating imperceptibility of adversarial attacks on tabular data: An empirical analysis","volume":"25","author":"He","year":"2025","journal-title":"Intell. Syst. Appl."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"e1567","DOI":"10.1002\/widm.1567","article-title":"Adversarial Attacks in Explainable Machine Learning: A Survey of Threats Against Models and Humans","volume":"15","author":"Vadillo","year":"2024","journal-title":"Wiley Interdiscip. Rev. Data Min. Knowl. Discov."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Dyrmishi, S., Stoian, M.C., Giunchiglia, E., and Cordy, M. (2024, January 20\u201323). Deep Generative Models as an Adversarial Attack Strategy for Tabular Machine Learning. Proceedings of the 2024 International Conference on Machine Learning and Cybernetics (ICMLC), Miyazaki, Japan.","DOI":"10.1109\/ICMLC63072.2024.10935037"},{"key":"ref_23","unstructured":"Hashemi, M., and Fathi, A. (2020). PermuteAttack: Counterfactual Explanation of Machine Learning Credit Scorecards. arXiv."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Chen, J., Jordan, M.I., and Wainwright, M.J. (2020, January 18\u201320). HopSkipJumpAttack: A query-efficient decision-based attack. Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP40000.2020.00045"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Chen, P.Y., Zhang, H., Sharma, Y., Yi, J., and Hsieh, C.J. (2017, January 3). ZOO: Zeroth Order Optimization Based Black-box Attacks to Deep Neural Networks without Training Substitute Models. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, New York, NY, USA. AISec \u201917.","DOI":"10.1145\/3128572.3140448"},{"key":"ref_26","unstructured":"Madry, A., Makelov, A., Schmidt, L., Tsipras, D., and Vladu, A. (2019). Towards Deep Learning Models Resistant to Adversarial Attacks. arXiv."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Kurakin, A., Goodfellow, I., and Bengio, S. (2017). Adversarial examples in the physical world. arXiv.","DOI":"10.1201\/9781351251389-8"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Wang, Z., Wang, W., Chen, Q., Wang, Q., and Nguyen, A. (2023). Generating Valid and Natural Adversarial Examples with Large Language Models. arXiv.","DOI":"10.1109\/CSCWD61410.2024.10580402"},{"key":"ref_29","unstructured":"Grosse, K., Manoharan, P., Papernot, N., Backes, M., and McDaniel, P. (2017). On the (Statistical) Detection of Adversarial Examples. arXiv."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"18265","DOI":"10.1007\/s00521-024-10141-1","article-title":"Leveraging AutoEncoders and chaos theory to improve adversarial example detection","volume":"36","author":"Pedraza","year":"2024","journal-title":"Neural Comput. Appl."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Janusz, A., and \u015al\u0119zak, D. (2014, January 9\u201313). Random probes in computation and assessment of approximate reducts. Proceedings of the Rough Sets and Intelligent Systems Paradigms: Second International Conference, RSEISP 2014, Held as Part of JRS 2014, Granada and Madrid, Spain.","DOI":"10.1007\/978-3-319-08729-0_5"}],"container-title":["Machine Learning and Knowledge Extraction"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2504-4990\/7\/4\/112\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T09:02:00Z","timestamp":1759309320000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2504-4990\/7\/4\/112"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,1]]},"references-count":31,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["make7040112"],"URL":"https:\/\/doi.org\/10.3390\/make7040112","relation":{},"ISSN":["2504-4990"],"issn-type":[{"value":"2504-4990","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,1]]}}}