Randomization matters: How to defend against strong adversarial attacks

Date
2020
Link to item file
https://hal.archives-ouvertes.fr/hal-02892161
Dewey
Probability and applied mathematics
Subject
Machine learning
Conference name
Thirty-seventh International Conference on Machine Learning (ICML 2020)
Conference date
07-2020
Conference city
Vienna
Conference country
AUSTRIA
URI
https://basepub.dauphine.fr/handle/123456789/21131
Collections
  • LAMSADE : Publications
Metadata
Author
Pinot, Rafaël
Ettedgui, Raphaël
Rizk, Geovani
Chevaleyre, Yann
Atif, Jamal
Type
Conference paper
Abstract (EN)
Is there a classifier that ensures optimal robustness against all adversarial attacks? This paper answers this question by adopting a game-theoretic point of view. We show that adversarial attacks and defenses form an infinite zero-sum game in which classical results (e.g. Sion's minimax theorem) do not apply. We demonstrate the non-existence of a Nash equilibrium in our game when the classifier and the adversary are both deterministic, hence giving a negative answer to the above question in the deterministic regime. Nonetheless, the question remains open in the randomized regime. We tackle this problem by showing that, under mild conditions on the dataset distribution, any deterministic classifier can be outperformed by a randomized one. This gives arguments for using randomization and leads us to a new algorithm for building randomized classifiers that are robust to strong adversarial attacks. Empirical results validate our theoretical analysis and show that our defense method considerably outperforms adversarial training against state-of-the-art attacks.
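The abstract's central claim, that a randomized classifier can be strictly more robust than any deterministic one when the adversary picks its attack after seeing the defense, can be checked on a toy instance. The Python example below is added here for illustration; it is not code from the paper, does not implement the authors' algorithm, and uses a constructed eight-point dataset, two fixed axis-aligned classifiers and an assumed threat model (the adversary moves each point by at most EPS along a single axis, knows the mixing probability p, but does not know which classifier will be sampled). It computes the worst-case accuracy of each deterministic classifier and of their mixture, and maximises over p exactly by enumerating the breakpoints of the piecewise-linear value function rather than by grid search.

```python
from fractions import Fraction
from itertools import combinations

# Constructed toy dataset (not from the paper): 2-D points with binary labels.
# A point can be flipped across a decision boundary only if it lies within
# EPS of that boundary along the attacked axis.
EPS = 1
DATA = [
    ((0.5, 0.5), 1), ((3.0, 0.5), 1), ((0.5, 3.0), 1), ((3.0, 3.0), 1),
    ((-0.5, -0.5), 0), ((-3.0, -0.5), 0), ((-0.5, -3.0), 0), ((-3.0, -3.0), 0),
]

# Assumed threat model: leave the point alone, or move it by EPS along one
# axis (the vertices of an L1 ball of radius EPS).
ATTACKS = [(0, 0), (-EPS, 0), (EPS, 0), (0, -EPS), (0, EPS)]


def h1(x):
    """Deterministic classifier 1: decision boundary is the x2-axis."""
    return 1 if x[0] >= 0 else 0


def h2(x):
    """Deterministic classifier 2: decision boundary is the x1-axis."""
    return 1 if x[1] >= 0 else 0


def correct(h, x, y, d):
    """1 if classifier h is still right on the perturbed point x + d, else 0."""
    return 1 if h((x[0] + d[0], x[1] + d[1])) == y else 0


def worst_case_accuracy(p):
    """Expected accuracy of the randomized classifier that draws h1 with
    probability p and h2 with probability 1 - p, against the strongest
    per-point attack.  The adversary knows p but not the sampled classifier,
    so it must commit to one perturbation per point before the draw."""
    p = Fraction(p)
    total = Fraction(0)
    for x, y in DATA:
        total += min(p * correct(h1, x, y, d) + (1 - p) * correct(h2, x, y, d)
                     for d in ATTACKS)
    return total / len(DATA)


def best_mixture():
    """Maximise worst_case_accuracy over p in [0, 1].  The objective is a
    minimum of linear functions of p, hence piecewise linear and concave, so
    its maximum is attained at an endpoint or where two attack lines cross."""
    candidates = {Fraction(0), Fraction(1)}
    for x, y in DATA:
        lines = {(correct(h1, x, y, d), correct(h2, x, y, d)) for d in ATTACKS}
        for (a1, a2), (b1, b2) in combinations(sorted(lines), 2):
            # a2 + p*(a1 - a2) == b2 + p*(b1 - b2)  =>  p = (b2 - a2) / den
            den = (a1 - a2) - (b1 - b2)
            if den != 0:
                p = Fraction(b2 - a2, den)
                if 0 <= p <= 1:
                    candidates.add(p)
    best_p = max(sorted(candidates), key=worst_case_accuracy)
    return best_p, worst_case_accuracy(best_p)


if __name__ == "__main__":
    for p in (1, 0, Fraction(1, 2)):
        print(f"P(h1) = {p}: worst-case accuracy {worst_case_accuracy(p)}")
    print("best mixture (P(h1), accuracy):", best_mixture())
```

Against either deterministic classifier alone the adversary knows which boundary to push each point across, and the four near-boundary points are all lost, leaving 50% accuracy. Against the 50/50 mixture the adversary must commit to one axis per point before the classifier is sampled, so each of those attacks succeeds only half the time and the worst-case accuracy rises to 62.5%; the breakpoint enumeration confirms that p = 1/2 is the optimum. This is the finite-game intuition behind mixed strategies; the abstract's point is that the actual classifier/adversary game is infinite, the standard minimax results do not carry over directly, and the paper establishes the advantage of randomization in that setting.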

 Content on this site is licensed under a Creative Commons 2.0 France (CC BY-NC-ND 2.0) license.