Risk Analysis and Design Against Adversarial Actions
Marco C. Campi, Algo Carè, Luis G. Crespo, Simone Garatti, Federico A. Ramponi

TL;DR
This paper introduces a versatile framework for evaluating the robustness of machine learning models, particularly Support Vector Regression, against diverse adversarial attacks without needing extra test data.
Contribution
It presents a well-principled, distribution-free approach to assess model vulnerability to adversarial actions, applicable to a broad range of learning techniques.
Findings
Framework enables robustness assessment without additional test data
Applicable to diverse attack types and intensities
Provides insights for out-of-distribution generalization
Abstract
Learning models capable of providing reliable predictions in the face of adversarial actions has become a central focus of the machine learning community in recent years. This challenge arises from observing that data encountered at deployment time often deviate from the conditions under which the model was trained. In this paper, we address deployment-time adversarial actions and propose a versatile, well-principled framework to evaluate the model's robustness against attacks of diverse types and intensities. While we initially focus on Support Vector Regression (SVR), the proposed approach extends naturally to the broad domain of learning via relaxed optimization techniques. Our results enable an assessment of the model vulnerability without requiring additional test data and operate in a distribution-free setup. These results not only provide a tool to enhance trust in the model's…
Taxonomy
Topics: Adversarial Robustness in Machine Learning
Methods: Focus
