Towards Understanding the Robustness Against Evasion Attack on Categorical Data

Abstract

Characterizing and assessing the adversarial vulnerability of classification models with categorical input has been a practically important but rarely explored research problem. Our work echoes the challenge by first unveiling the impact factors of adversarial vulnerability of classification models with categorical data, based on an information-theoretic adversarial risk analysis of the targeted classifier. Though certifying the robustness of such classification models is intrinsically an NP-hard combinatorial problem, our study shows that the robustness certification can be solved via an efficient greedy exploration of the discrete attack space for any measurable classifier with a mild smoothness constraint. Our proposed robustness certification framework is instantiated with deep neural network models applied to real-world safety-critical data sources. Our empirical observations confirm the impact of the key adversarial risk factors with categorical input.

Cite

Text

Bao et al. "Towards Understanding the Robustness Against Evasion Attack on Categorical Data." International Conference on Learning Representations, 2022.

Markdown

[Bao et al. "Towards Understanding the Robustness Against Evasion Attack on Categorical Data." International Conference on Learning Representations, 2022.](https://mlanthology.org/iclr/2022/bao2022iclr-understanding/)

BibTeX

@inproceedings{bao2022iclr-understanding,
  title     = {{Towards Understanding the Robustness Against Evasion Attack on Categorical Data}},
  author    = {Bao, Hongyan and Han, Yufei and Zhou, Yujun and Shen, Yun and Zhang, Xiangliang},
  booktitle = {International Conference on Learning Representations},
  year      = {2022},
  url       = {https://mlanthology.org/iclr/2022/bao2022iclr-understanding/}
}