Lattice Climber Attack: Adversarial attacks for randomized mixtures of classifiers
Lucas Gnecco-Heredia, Benjamin Negrevergne, Yann Chevaleyre
TL;DR
This paper introduces the lattice climber attack, a new method for effectively attacking randomized classifier mixtures, with theoretical guarantees and improved performance over existing methods.
Contribution
It presents a novel attack method that addresses the limitations of previous attacks on randomized classifiers, with theoretical analysis and empirical validation.
Findings
Lattice climber attack outperforms existing attacks on synthetic datasets.
The attack has theoretical guarantees in binary linear classifiers.
Experimental results show improved robustness breaking capabilities.
Abstract
Finite mixtures of classifiers (a.k.a. randomized ensembles) have been proposed as a way to improve robustness against adversarial attacks. However, existing attacks have been shown to not suit this kind of classifier. In this paper, we discuss the problem of attacking a mixture in a principled way and introduce two desirable properties of attacks based on a geometrical analysis of the problem (effectiveness and maximality). We then show that existing attacks do not meet both of these properties. Finally, we introduce a new attack called {\em lattice climber attack} with theoretical guarantees in the binary linear setting, and demonstrate its performance by conducting experiments on synthetic and real datasets.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Anomaly Detection Techniques and Applications