On the Adversarial Robustness of Multivariate Robust Estimation
Erhan Bayraktar, Lifeng Lai

TL;DR
This paper analyzes the adversarial robustness of multivariate M-estimators, characterizing optimal attack strategies and designing estimators with minimal adversarial influence, revealing a tradeoff with outlier robustness.
Contribution
It introduces the adversarial influence function (AIF) for multivariate estimators and derives optimal estimators balancing adversarial and outlier robustness.
Findings
Characterized the adversary's optimal modification strategy.
Derived the optimal M-estimator with minimal AIF.
Identified a tradeoff between adversarial and outlier robustness.
Abstract
In this paper, we investigate the adversarial robustness of multivariate M-estimators. In the considered model, after observing the whole dataset, an adversary can modify all data points with the goal of maximizing inference errors. We use adversarial influence function (AIF) to measure the asymptotic rate at which the adversary can change the inference result. We first characterize the adversary's optimal modification strategy and its corresponding AIF. From the defender's perspective, we would like to design an estimator that has a small AIF. For the case of joint location and scale estimation problem, we characterize the optimal M-estimator that has the smallest AIF. We further identify a tradeoff between robustness against adversarial modifications and robustness against outliers, and derive the optimal M-estimator that achieves the best tradeoff.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Machine Learning and Algorithms
