A unified Bayesian framework for adversarial robustness

Published: October 10, 2025 | arXiv ID: 2510.09288v1

By: Pablo G. Arce, Roi Naveiro, David Ríos Insua

Potential Business Impact:

Makes machine-learning models more robust to adversarial attacks by modeling the attacker's behavior probabilistically rather than only as a worst case.

Business Areas:
Predictive Analytics Artificial Intelligence, Data and Analytics, Software

The vulnerability of machine learning models to adversarial attacks remains a critical security challenge. Traditional defenses, such as adversarial training, typically robustify models by minimizing a worst-case loss. However, these deterministic approaches do not account for uncertainty in the adversary's attack. While stochastic defenses placing a probability distribution on the adversary exist, they often lack statistical rigor and fail to make explicit their underlying assumptions. To resolve these issues, we introduce a formal Bayesian framework that models adversarial uncertainty through a stochastic channel, articulating all probabilistic assumptions. This yields two robustification strategies: a proactive defense enacted during training, aligned with adversarial training, and a reactive defense enacted during operations, aligned with adversarial purification. Several previous defenses can be recovered as limiting cases of our model. We empirically validate our methodology, showcasing the benefits of explicitly modeling adversarial uncertainty.
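The abstract contrasts three ideas: a worst-case (adversarial-training) objective, a stochastic channel that puts a probability distribution on the attacker, and two ways of using that channel (proactively at training time, reactively at inference time as a Bayesian purification step). The following toy, added here as an illustration and not taken from the paper, makes those ideas concrete in a form a practitioner can run. Everything in it is an assumption for illustration only: a 1-D logistic classifier, a constructed dataset in which +1 is "malicious" and -1 is "benign", a two-point channel in which only malicious samples are attacked (shifted toward the benign side by `eps` with probability `q`), and Gaussian class-conditional priors used for the reactive step. The paper's actual channel, priors and experiments are not reproduced here.

```python
import math

# Constructed toy dataset (not from the paper): 1-D feature, label +1 = malicious, -1 = benign.
DATA = [(0.5, +1), (1.0, +1), (1.5, +1), (2.0, +1), (2.5, +1), (-0.3, +1),
        (-0.5, -1), (-1.0, -1), (-1.5, -1), (-2.0, -1), (-2.5, -1), (0.3, -1)]

# Assumed class-conditional prior used by the reactive defense: x | y ~ N(MU[y], SIGMA^2).
MU = {+1: 1.0, -1: -1.0}
SIGMA = 1.0
CLASS_PRIOR = {+1: 0.5, -1: 0.5}


def sigmoid(z):
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


def logistic_loss(margin):
    """log(1 + exp(-margin)), evaluated without overflow."""
    if margin >= 0:
        return math.log1p(math.exp(-margin))
    return -margin + math.log1p(math.exp(margin))


def attack_channel(y, eps, q):
    """Assumed stochastic channel p(delta | y): a malicious sample is shifted by -eps
    (toward the benign mean) with probability q and left alone otherwise; benign
    samples are never perturbed. Returns a list of (delta, probability) pairs.
    q = 1 collapses the channel to a point mass, q = 0 to no attack at all."""
    if y == +1:
        return [(-eps, q), (0.0, 1.0 - q)]
    return [(0.0, 1.0)]


def expected_loss(w, b, data, eps, q):
    """Proactive objective: logistic loss averaged over the data AND over the channel."""
    total = 0.0
    for x, y in data:
        for delta, p in attack_channel(y, eps, q):
            total += p * logistic_loss(y * (w * (x + delta) + b))
    return total / len(data)


def worst_case_loss(w, b, data, eps):
    """Adversarial-training objective under the same threat model: each malicious sample
    takes its worst perturbation in [-eps, eps], which for a linear score reduces the
    margin by eps*|w|; benign samples are unchanged."""
    total = 0.0
    for x, y in data:
        margin = y * (w * x + b)
        if y == +1:
            margin -= eps * abs(w)
        total += logistic_loss(margin)
    return total / len(data)


def train(data, eps, q, steps=400, lr=0.5):
    """Plain gradient descent on expected_loss (convex in (w, b)); q = 0 is clean training."""
    w, b = 0.0, 0.0
    for _ in range(steps):
        gw = gb = 0.0
        for x, y in data:
            for delta, p in attack_channel(y, eps, q):
                xa = x + delta
                g = -y * sigmoid(-y * (w * xa + b)) * p  # d(loss)/d(score), channel-weighted
                gw += g * xa
                gb += g
        w -= lr * gw / len(data)
        b -= lr * gb / len(data)
    return w, b


def naive_predict(w, b, x_obs):
    """Classify the observed (possibly attacked) input directly."""
    return +1 if w * x_obs + b > 0 else -1


def gauss_pdf(x, mu, sigma):
    return math.exp(-0.5 * ((x - mu) / sigma) ** 2) / (sigma * math.sqrt(2 * math.pi))


def posterior_malicious(x_obs, eps, q):
    """Reactive defense (Bayesian purification): p(y=+1 | x_obs), marginalising the unknown
    clean input through the channel, p(x_obs | y) = sum_delta p(delta | y) p_x(x_obs - delta | y)."""
    lik = {}
    for y in (+1, -1):
        lik[y] = CLASS_PRIOR[y] * sum(p * gauss_pdf(x_obs - delta, MU[y], SIGMA)
                                      for delta, p in attack_channel(y, eps, q))
    return lik[+1] / (lik[+1] + lik[-1])


def reactive_predict(x_obs, eps, q):
    return +1 if posterior_malicious(x_obs, eps, q) > 0.5 else -1


if __name__ == "__main__":
    EPS, Q = 1.0, 0.8
    w_std, b_std = train(DATA, EPS, 0.0)   # clean training
    w_rob, b_rob = train(DATA, EPS, Q)     # proactive defense: train against the channel
    print("clean model     w=%.3f b=%.3f" % (w_std, b_std))
    print("proactive model w=%.3f b=%.3f" % (w_rob, b_rob))
    print("loss under channel: clean %.4f vs proactive %.4f"
          % (expected_loss(w_std, b_std, DATA, EPS, Q), expected_loss(w_rob, b_rob, DATA, EPS, Q)))
    # q = 1 (point-mass channel) recovers the worst-case objective for this linear model.
    print("point-mass channel == worst case: %.6f vs %.6f"
          % (expected_loss(w_rob, b_rob, DATA, EPS, 1.0), worst_case_loss(w_rob, b_rob, DATA, EPS)))
    # Reactive defense: a malicious sample at x=0.7 was shifted to x_obs=-0.3 (constructed case).
    x_obs = -0.3
    print("naive verdict %+d, purified verdict %+d (p(malicious)=%.3f)"
          % (naive_predict(w_std, b_std, x_obs), reactive_predict(x_obs, EPS, Q),
             posterior_malicious(x_obs, EPS, Q)))
```

The two checks worth reading off are the limiting case and the asymmetry. With `q = 1` the channel becomes a point mass at the attacker's shift, and because the shift direction matches the classifier's benign side (`w > 0`) the channel-averaged loss coincides with the worst-case margin loss used by adversarial training; with `q < 1` the proactive model trades some clean loss for lower loss under the channel. On the reactive side, an observed value that the clean classifier calls benign is classified as malicious once the posterior accounts for the fact that only malicious samples are ever shifted; in a symmetric threat model (both classes attacked equally) that purification step would not move the decision boundary at all, which is why the assumed channel matters and must be stated explicitly.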

Page Count
21 pages

Category
Statistics: Machine Learning (Stat)