Abstract
Despite of the pervasive existence of multi-label evasion attack, it is an open yet essential problem to characterize the origin of the adversarial vulnerability of a multi-label learning system and assess its attackability. In this study, we focus on non-targeted evasion attack against multi-label classifiers. The goal of the threat is to cause misclassification with respect to as many labels as possible, with the same input perturbation. Our work gains in-depth understanding about the multi-label adversarial attack by first characterizing the transferability of the attack based on the functional properties of the multi-label classifier. We unveil how the transferability level of the attack determines the attackability of the classifier via establishing an information-theoretic analysis of the adversarial risk. Furthermore, we propose a transferability-centered attackability assessment, named Soft Attackability Estimator (SAE), to evaluate the intrinsic vulnerability level of the targeted multi-label classifier. This estimator is then integrated as a transferability-tuning regularization term into the multi-label learning paradigm to achieve adversarially robust classification. The experimental study on real-world data echoes the theoretical analysis and verify the validity of the transferability-regularized multi-label learning method.
Original language | English (US) |
---|---|
Title of host publication | Machine Learning and Knowledge Discovery in Databases. Research Track |
Publisher | Springer International Publishing |
Pages | 397-413 |
Number of pages | 17 |
ISBN (Print) | 9783030865221 |
DOIs | |
State | Published - Sep 11 2021 |
Bibliographical note
KAUST Repository Item: Exported on 2021-10-05ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science