Chaotic variational auto encoder-based adversarial machine learning

2025-12-17

Daka Pavan Venkata Sainadh Reddy, Yelleti Vivek, Gopi Pranay, Vadlamani Ravi,
Chaotic variational auto encoder-based adversarial machine learning,
Computers and Electrical Engineering,
Volume 128, Part A,
2025,
110646,
ISSN 0045-7906,
https://doi.org/10.1016/j.compeleceng.2025.110646.
(https://www.sciencedirect.com/science/article/pii/S0045790625005890)
Abstract: Machine Learning (ML) has successfully made inroads into almost every field. This very fact makes the ML models a target for fraudsters who perpetrate various adversarial attacks, thereby hindering the performance of ML models. Evasion and data-poisoning-based attacks are more notorious, especially in finance, healthcare, and other critical sectors. This motivated us to propose a novel, computationally less expensive method for generating adversarial samples by employing a Variational Autoencoder (VAE). It is well known that the Wavelet Neural Network (WNN) is considered computationally efficient in solving image and audio processing, speech recognition, and time-series forecasting. This paper proposes a VAE-Deep-Wavelet neural network (VAE-Deep-WNN), where the encoder and decoder employ a WNN instead of a multi-layer perceptron (MLP). Recently, a chaotic VAE (C-VAE) was reported to be more effective in one-class classification [1], which motivated us to propose a chaotic variant of Deep-WNN and MLP-based VAE, named C-VAE-Deep-WNN and C-VAE-MLP, respectively. Our chaotic variants employed a logistic map to generate chaotic numbers, replacing the random noise in the latent space of the traditional VAE. In this paper, we performed both vanilla and chaos VAE-based adversary sample generation and applied them to various problems related to finance and cybersecurity domains, such as loan default, credit card fraud, and churn modeling, etc. We performed both evasion and data-poisoning attacks on Logistic Regression, Decision Tree, Gradient boosting, and Light gradient boosting models. In the majority of the datasets, VAE-Deep-WNN/C-VAE-Deep-WNN outperformed the other VAE-based variants in both evasion and data poisoning attacks.
Keywords: WNN; VAE-Deep-WNN; Evasion attack; Data-poisoning attack; Chaotic maps