CISPA

Adversarial vulnerability bounds for Gaussian process classification

journal contribution
posted on 2024-04-24, 13:38 authored by Michael Thomas Smith, Kathrin Grosse, Michael Backes, Mauricio A Álvarez
Protecting ML classifiers from adversarial examples is crucial. We propose that the main threat is an attacker perturbing a confidently classified input to produce a confident misclassification. In this paper we consider the L0 attack, in which the attacker can perturb a small number of inputs at test time. To quantify the risk of this form of attack, we devise a formal guarantee in the form of an adversarial bound (AB) for a binary Gaussian process classifier using the EQ kernel. This bound holds over the entire input domain, bounding the potential of any future adversarial attack to cause a confident misclassification. We explore how to extend the bound to other kernels and investigate how to maximise it by altering the classifier (for example, by using sparse approximations). We test the bound on a variety of datasets and show that it produces relevant and practical bounds for many of them.
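The setting above can be illustrated with a minimal sketch. This is not the authors' code or their bound: it stands in plain GP regression on ±1 labels for the binary GP classifier, uses the EQ (exponentiated quadratic) kernel the abstract names, and shows an L0-style perturbation, i.e. changing a single input dimension of a confidently classified point. All data, hyperparameters, and function names here are illustrative assumptions.

```python
import numpy as np

def eq_kernel(A, B, lengthscale=1.0, variance=1.0):
    # EQ (exponentiated quadratic / RBF) kernel between row vectors of A and B.
    d2 = ((A[:, None, :] - B[None, :, :]) ** 2).sum(-1)
    return variance * np.exp(-0.5 * d2 / lengthscale**2)

def gp_posterior_mean(X, y, Xstar, noise=1e-2):
    # Posterior mean of a GP regressor; on +/-1 labels its sign acts
    # as a (crude) stand-in for a binary GP classifier's decision.
    K = eq_kernel(X, X) + noise * np.eye(len(X))
    Ks = eq_kernel(Xstar, X)
    return Ks @ np.linalg.solve(K, y)

rng = np.random.default_rng(0)
# Toy binary task: two well-separated blobs centred at (-2,-2) and (2,2).
X = np.vstack([rng.normal(-2, 0.5, (20, 2)),
               rng.normal(2, 0.5, (20, 2))])
y = np.array([-1.0] * 20 + [1.0] * 20)

x = np.array([[2.0, 2.0]])       # a confidently classified input
x_adv = x.copy()
x_adv[0, 0] = -2.0               # L0 perturbation: one dimension changed

f_clean = gp_posterior_mean(X, y, x)[0]
f_adv = gp_posterior_mean(X, y, x_adv)[0]
print(f_clean, f_adv)
```

Flipping a single coordinate moves the point away from both training clusters, so the posterior mean drops from a confident positive value toward zero. The paper's adversarial bound asks the converse, worst-case question: over the whole input domain, can any such sparse perturbation turn a confident classification into a confident misclassification?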

History

Primary Research Area

  • Trustworthy Information Processing

Journal

Machine Learning

Volume

112

Page Range

971-1009

Publisher

Springer Nature

Open Access Type

  • Hybrid

Sub Type

  • Article

BibTeX

@article{Smith:Grosse:Backes:Alvarez:2023,
  title     = "Adversarial vulnerability bounds for Gaussian process classification",
  author    = "Smith, Michael Thomas and Grosse, Kathrin and Backes, Michael and {\'A}lvarez, Mauricio A",
  year      = 2023,
  month     = 3,
  journal   = "Machine Learning",
  volume    = "112",
  number    = "3",
  pages     = "971--1009",
  publisher = "Springer Nature",
  issn      = "0885-6125",
  doi       = "10.1007/s10994-022-06224-6"
}