Selecting Models based on the Risk of Damage Caused by Adversarial Attacks
Jona Klemenc, Holger Trittenbach

TL;DR
This paper introduces a statistical method to quantify and estimate the risk of damage caused by adversarial attacks on AI models, aiding safer model selection in security-critical applications.
Contribution
It proposes a novel, statistically consistent estimator for damage risk from adversarial attacks, enabling actionable risk assessment and model selection.
Findings
Estimator is statistically consistent and unbiased
Outperforms conventional metrics in experiments
Enables reliable selection of low-risk models
Abstract
Regulation, legal liabilities, and societal concerns challenge the adoption of AI in safety and security-critical applications. One of the key concerns is that adversaries can cause harm by manipulating model predictions without being detected. Regulation hence demands an assessment of the risk of damage caused by adversaries. Yet, there is no method to translate this high-level demand into actionable metrics that quantify the risk of damage. In this article, we propose a method to model and statistically estimate the probability of damage arising from adversarial attacks. We show that our proposed estimator is statistically consistent and unbiased. In experiments, we demonstrate that the estimation results of our method have a clear and actionable interpretation and outperform conventional metrics. We then show how operators can use the estimation results to reliably select the model…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Risk and Safety Analysis
