Attack Transferability Characterization for Adversarially Robust Multi-label Classification - HAL open archive
Conference paper. Year: 2021

Abstract

Despite the pervasive existence of multi-label evasion attacks, it is an open yet essential problem to characterize the origin of the adversarial vulnerability of a multi-label learning system and assess its attackability. In this study, we focus on non-targeted evasion attacks against multi-label classifiers. The goal of the threat is to cause misclassification with respect to as many labels as possible, with the same input perturbation. Our work gains an in-depth understanding of the multi-label adversarial attack by first characterizing the transferability of the attack based on the functional properties of the multi-label classifier. We unveil how the transferability level of the attack determines the attackability of the classifier by establishing an information-theoretic analysis of the adversarial risk. Furthermore, we propose a transferability-centered attackability assessment, named Soft Attackability Estimator (SAE), to evaluate the intrinsic vulnerability level of the targeted multi-label classifier. This estimator is then integrated as a transferability-tuning regularization term into the multi-label learning paradigm to achieve adversarially robust classification. The experimental study on real-world data echoes the theoretical analysis and verifies the validity of the transferability-regularized multi-label learning method.
Main file
2106.15360.pdf (571.31 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03449837, version 1 (05-01-2022)

Cite

Zhuo Yang, Yufei Han, Xiangliang Zhang. Attack Transferability Characterization for Adversarially Robust Multi-label Classification. ECML-PKDD 2021 - Proceedings of European Conference on Machine Learning, Part III, Sep 2021, Bilbao, Spain. pp.397-413. ⟨hal-03449837⟩