Randomization matters How to defend against strong adversarial attacks
Pinot, Rafaël; Ettedgui, Raphaël; Rizk, Geovani; Chevaleyre, Yann; Atif, Jamal (2020), Randomization matters How to defend against strong adversarial attacks, Thirty-seventh International Conference on Machine Learning (ICML 2020), 2020-07, Vienna, AUSTRIA
Type
Communication / ConférenceExternal document link
https://hal.archives-ouvertes.fr/hal-02892161Date
2020Conference title
Thirty-seventh International Conference on Machine Learning (ICML 2020)Conference date
2020-07Conference city
ViennaConference country
AUSTRIAMetadata
Show full item recordAbstract (EN)
Is there a classifier that ensures optimal robust-ness against all adversarial attacks? This paper answers this question by adopting a game-theoretic point of view. We show that adversarial attacks and defenses form an infinite zero-sum game where classical results (e.g. Sion theorems) do not apply. We demonstrate the non-existence of a Nash equilibrium in our game when the clas-sifier and the Adversary are both deterministic, hence giving a negative answer to the above question in the deterministic regime. Nonetheless, the question remains open in the randomized regime. We tackle this problem by showing that, under mild conditions on the dataset distribution, any deterministic classifier can be outperformed by a randomized one. This gives arguments for using randomization, and leads us to a new algorithm for building randomized classifiers that are robust to strong adversarial attacks. Empirical results validate our theoretical analysis, and show that our defense method considerably outperforms Adver-sarial Training against state-of-the-art attacks.Subjects / Keywords
Machine learningRelated items
Showing items related by title and author.
-
(2019) Communication / Conférence
-
(2019) Communication / Conférence
-
(2019) Communication / Conférence
-
(2018) Communication / Conférence
-
(2019) Document de travail / Working paper
