Is Ordered Weighted $\ell_1$ Regularized Regression Robust to Adversarial Perturbation? A Case Study on OSCAR

TL;DR

This paper examines the vulnerability of the OSCAR regression method, an ordered weighted $\\ell_1$ regularizer, to adversarial noise, revealing significant performance degradation even with small perturbations.

Contribution

It formulates the adversarial noise generation process for OSCAR and demonstrates its robustness issues through theoretical analysis and experiments.

Findings

Adversarial noise can severely degrade OSCAR's performance.

Performance degradation occurs even with small noise budgets.

Grouping of correlated features is particularly vulnerable.

Abstract

Many state-of-the-art machine learning models such as deep neural networks have recently shown to be vulnerable to adversarial perturbations, especially in classification tasks. Motivated by adversarial machine learning, in this paper we investigate the robustness of sparse regression models with strongly correlated covariates to adversarially designed measurement noises. Specifically, we consider the family of ordered weighted $\ell_1$ (OWL) regularized regression methods and study the case of OSCAR (octagonal shrinkage clustering algorithm for regression) in the adversarial setting. Under a norm-bounded threat model, we formulate the process of finding a maximally disruptive noise for OWL-regularized regression as an optimization problem and illustrate the steps towards finding such a noise in the case of OSCAR. Experimental results demonstrate that the regression performance of grouping strongly correlated features can be severely degraded under our adversarial setting, even when the noise budget is significantly smaller than the ground-truth signals.