# On the Adversarial Robustness of Subspace Learning

**Authors:** Fuwei Li, Lifeng Lai, and Shuguang Cui

arXiv: 1908.06210 · 2020-04-22

## TL;DR

This paper investigates the vulnerability of subspace learning algorithms to powerful adversaries capable of fully observing and modifying data matrices, revealing optimal attack strategies based on data singular values.

## Contribution

It introduces the first characterization of optimal adversarial attacks on subspace learning, considering both rank-one and general scenarios, dependent on data singular values and adversary's energy.

## Key findings

- Optimal attack strategies depend on data singular values.
- Adversaries can significantly increase subspace distance.
- Numerical experiments validate attack effectiveness.

## Abstract

In this paper, we study the adversarial robustness of subspace learning problems. Different from the assumptions made in existing work on robust subspace learning where data samples are contaminated by gross sparse outliers or small dense noises, we consider a more powerful adversary who can first observe the data matrix and then intentionally modify the whole data matrix. We first characterize the optimal rank-one attack strategy that maximizes the subspace distance between the subspace learned from the original data matrix and that learned from the modified data matrix. We then generalize the study to the scenario without the rank constraint and characterize the corresponding optimal attack strategy. Our analysis shows that the optimal strategies depend on the singular values of the original data matrix and the adversary's energy budget. Finally, we provide numerical experiments and practical applications to demonstrate the efficiency of the attack strategies.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1908.06210/full.md

## Figures

4 figures with captions in the complete paper: https://tomesphere.com/paper/1908.06210/full.md

## References

34 references — full list in the complete paper: https://tomesphere.com/paper/1908.06210/full.md

---
Source: https://tomesphere.com/paper/1908.06210