Current browse context:
cs.LG
Change to browse by:
References & Citations
Computer Science > Machine Learning
Title: Robustness against Relational Adversary
(Submitted on 1 Jul 2020 (v1), revised 29 Oct 2020 (this version, v2), latest version 25 Feb 2022 (v3))
Abstract: Test-time adversarial attacks have posed serious challenges to the robustness of machine-learning models, and in many settings the adversarial perturbation need not be bounded by small $\ell_p$-norms. Motivated by the semantics-preserving attacks in vision and security domain, we investigate $\textit{relational adversaries}$, a broad class of attackers who create adversarial examples that are in a reflexive-transitive closure of a logical relation. We analyze the conditions for robustness and propose $\textit{normalize-and-predict}$ -- a learning framework with provable robustness guarantee. We compare our approach with adversarial training and derive an unified framework that provides benefits of both approaches. Guided by our theoretical findings, we apply our framework to image classification and malware detection. Results of both tasks show that attacks using relational adversaries frequently fool existing models, but our unified framework can significantly enhance their robustness.
Submission history
From: Yizhen Wang [view email][v1] Wed, 1 Jul 2020 21:27:38 GMT (108kb)
[v2] Thu, 29 Oct 2020 14:42:42 GMT (296kb,D)
[v3] Fri, 25 Feb 2022 20:45:35 GMT (450kb,D)
Link back to: arXiv, form interface, contact.