Evasion Attacks Against Bayesian Predictive Models
Pablo G. Arce, Roi Naveiro, David Ríos Insua

TL;DR
This paper develops a general methodology for creating optimal evasion attacks against Bayesian predictive models, focusing on perturbing point predictions and posterior distributions, with novel gradient-based attack strategies.
Contribution
It introduces the first comprehensive approach to designing evasion attacks on Bayesian models, expanding adversarial machine learning research.
Findings
Gradient-based attacks effectively perturb Bayesian predictions.
Attacks can alter both point estimates and entire posterior distributions.
Methodology applies across various computational setups.
Abstract
There is an increasing interest in analyzing the behavior of machine learning systems against adversarial attacks. However, most of the research in adversarial machine learning has focused on studying weaknesses against evasion or poisoning attacks to predictive models in classical setups, with the susceptibility of Bayesian predictive models to attacks remaining underexplored. This paper introduces a general methodology for designing optimal evasion attacks against such models. We investigate two adversarial objectives: perturbing specific point predictions and altering the entire posterior predictive distribution. For both scenarios, we propose novel gradient-based attacks and study their implementation and properties in various computational setups.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Explainable Artificial Intelligence (XAI) · Ethics and Social Impacts of AI
