# Multi-Label Adversarial Perturbations

**Authors:** Qingquan Song, Haifeng Jin, Xiao Huang, Xia Hu

arXiv: 1901.00546 · 2019-01-04

## TL;DR

This paper introduces a novel framework for generating adversarial perturbations in multi-label classification, revealing vulnerabilities of deep learning models and suggesting potential robustness improvements.

## Contribution

It proposes a general attacking framework for multi-label models, including ranking-based methods, and provides the first comprehensive analysis of multi-label adversarial perturbations.

## Key findings

- Effective attack methods demonstrated on real-world datasets
- Insights into the vulnerability of multi-label models under targeted attacks
- Discussion of a potential defensive strategy to improve robustness

## Abstract

Adversarial examples are delicately perturbed inputs, which aim to mislead machine learning models towards incorrect outputs. While most of the existing work focuses on generating adversarial perturbations in multi-class classification problems, many real-world applications fall into the multi-label setting in which one instance could be associated with more than one label. For example, a spammer may generate adversarial spams with malicious advertising while maintaining the other labels such as topic labels unchanged. To analyze the vulnerability and robustness of multi-label learning models, we investigate the generation of multi-label adversarial perturbations. This is a challenging task due to the uncertain number of positive labels associated with one instance, as well as the fact that multiple labels are usually not mutually exclusive with each other. To bridge this gap, in this paper, we propose a general attacking framework targeting on multi-label classification problem and conduct a premier analysis on the perturbations for deep neural networks. Leveraging the ranking relationships among labels, we further design a ranking-based framework to attack multi-label ranking algorithms. We specify the connection between the two proposed frameworks and separately design two specific methods grounded on each of them to generate targeted multi-label perturbations. Experiments on real-world multi-label image classification and ranking problems demonstrate the effectiveness of our proposed frameworks and provide insights of the vulnerability of multi-label deep learning models under diverse targeted attacking strategies. Several interesting findings including an unpolished defensive strategy, which could potentially enhance the interpretability and robustness of multi-label deep learning models, are further presented and discussed at the end.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1901.00546/full.md

## Figures

9 figures with captions in the complete paper: https://tomesphere.com/paper/1901.00546/full.md

## References

56 references — full list in the complete paper: https://tomesphere.com/paper/1901.00546/full.md

---
Source: https://tomesphere.com/paper/1901.00546