Adversarial Classification: Necessary conditions and geometric flows

TL;DR

This paper investigates the geometric and variational structure of adversarial classification, deriving conditions and evolution equations for optimal classifiers under data corruption, with rigorous results in one dimension and conditional results in higher dimensions.

Contribution

It introduces necessary conditions and a geometric flow framework for understanding adversarial classifiers, connecting them with optimal transport and providing rigorous analysis in one dimension.

Findings

Derived a geometric evolution equation for classification boundaries.

Proved global minimizer characterization in one dimension.

Connected adversarial problems with optimal transport theory.

Abstract

We study a version of adversarial classification where an adversary is empowered to corrupt data inputs up to some distance $\varepsilon$, using tools from variational analysis. In particular, we describe necessary conditions associated with the optimal classifier subject to such an adversary. Using the necessary conditions, we derive a geometric evolution equation which can be used to track the change in classification boundaries as $\varepsilon$ varies. This evolution equation may be described as an uncoupled system of differential equations in one dimension, or as a mean curvature type equation in higher dimension. In one dimension, and under mild assumptions on the data distribution, we rigorously prove that one can use the initial value problem starting from $\varepsilon=0$, which is simply the Bayes classifier, in order to solve for the global minimizer of the adversarial problem for small values of $\varepsilon$. In higher dimensions we provide a similar result, albeit conditional to the existence of regular solutions of the initial value problem. In the process of proving our main results we obtain a result of independent interest connecting the original adversarial problem with an optimal transport problem under no assumptions on whether classes are balanced or not. Numerical examples illustrating these ideas are also presented.