Adversarial Vulnerability Bounds for Gaussian Process Classification
Michael Thomas Smith, Kathrin Grosse, Michael Backes, Mauricio A. Alvarez

TL;DR
This paper introduces a formal adversarial robustness bound for Gaussian process classifiers, providing a provable guarantee against confident misclassifications caused by adversarial perturbations.
Contribution
It develops a novel adversarial bound for Gaussian process classifiers that offers formal robustness guarantees across the entire input domain.
Findings
The bound effectively limits adversarial success in experiments.
Configuring classifiers to maximize the bound improves robustness.
The method is practical and tested on various datasets.
Abstract
Machine learning (ML) classification is increasingly used in safety-critical systems. Protecting ML classifiers from adversarial examples is crucial. We propose that the main threat is that of an attacker perturbing a confidently classified input to produce a confident misclassification. To protect against this we devise an adversarial bound (AB) for a Gaussian process classifier that holds for the entire input domain, bounding the potential for any future adversarial method to cause such a misclassification. This is a formal guarantee of robustness, not just an empirically derived result. We investigate how to configure the classifier to maximise the bound, including the use of a sparse approximation, leading to a method that produces a practical, useful and provably robust classifier, which we test using a variety of datasets.
Taxonomy
Methods: Gaussian Process
