Attack Transferability Characterization for Adversarially Robust Multi-label Classification

Zhuo Yang, Yufei Han, Xiangliang Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Despite of the pervasive existence of multi-label evasion attack, it is an open yet essential problem to characterize the origin of the adversarial vulnerability of a multi-label learning system and assess its attackability. In this study, we focus on non-targeted evasion attack against multi-label classifiers. The goal of the threat is to cause misclassification with respect to as many labels as possible, with the same input perturbation. Our work gains in-depth understanding about the multi-label adversarial attack by first characterizing the transferability of the attack based on the functional properties of the multi-label classifier. We unveil how the transferability level of the attack determines the attackability of the classifier via establishing an information-theoretic analysis of the adversarial risk. Furthermore, we propose a transferability-centered attackability assessment, named Soft Attackability Estimator (SAE), to evaluate the intrinsic vulnerability level of the targeted multi-label classifier. This estimator is then integrated as a transferability-tuning regularization term into the multi-label learning paradigm to achieve adversarially robust classification. The experimental study on real-world data echoes the theoretical analysis and verify the validity of the transferability-regularized multi-label learning method.
Original languageEnglish (US)
Title of host publicationMachine Learning and Knowledge Discovery in Databases. Research Track
PublisherSpringer International Publishing
Pages397-413
Number of pages17
ISBN (Print)9783030865221
DOIs
StatePublished - Sep 11 2021

Bibliographical note

KAUST Repository Item: Exported on 2021-10-05

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Attack Transferability Characterization for Adversarially Robust Multi-label Classification'. Together they form a unique fingerprint.

Cite this