Adversarial Regression with Multiple Learners

Tong, Liang; Yu, Sixie; Alfeld, Scott; Vorobeychik, Yevgeniy

doi:10.48550/arxiv.1806.02256

Cited by 3 publications

(3 citation statements)

References 14 publications

(17 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An adversarial perturbation, denoted as ϵ, when added in a specific direction to an input, can mislead the model into making erroneous predictions. This phenomenon is observed in both classification [9], [10] and regression tasks [11], [12].…”

mentioning

confidence: 83%

Knowing is Half the Battle: Enhancing Clean Data Accuracy of Adversarial Robust Deep Neural Networks via Dual-Model Bounded Divergence Gating

Aboutalebi,

Shafiee,

Tai

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Significant advances have been made in recent years in improving the robustness of deep neural networks, particularly under adversarial machine learning scenarios where the data has been contaminated to fool networks into making undesirable predictions. However, such improvements in adversarial robustness has often come at a significant cost in model accuracy when dealing with uncontaminated data (i.e., clean data), making such defense mechanisms challenging to adapt for real-world practical scenarios where data is primarily clean and accuracy needs to be high. Motivated to find a better balance between adversarial robustness and clean data accuracy, we propose a new model-agnostic adversarial defense mechanism named Dual-model Bounded Divergence (DBD), driven by a theoretical and empirical analysis of the bias-variance trade-off within an adversarial machine learning context. More specifically, the proposed DBD mechanism is premised on the observation that the variance in deep neural networks tends to increase in the presence of adversarial perturbations in the input data. As such, DBD employs a gating mechanism to decide on the final model prediction output based on a novel dual-model variance measure (coined DBD Variance), which is a bounded version of KL-Divergence between models. Not only is the proposed DBD mechanism itself training-free, but it can be combined with existing adversarial defense mechanisms to boost the balance between clean data accuracy and adversarial robustness. Comprehensive experimental results across over 10 different state-of-the-art adversarial defense mechanisms using both CIFAR-10 and ImageNet benchmark datasets across different adversarial attacks (e.g., APGD, AutoAttack) demonstrates that the integration of DBD can lead to as much as a 6% improvement on clean data accuracy without compromising much on adversarial robustness.

show abstract

mentioning

confidence: 83%

Knowing is Half the Battle: Enhancing Clean Data Accuracy of Adversarial Robust Deep Neural Networks via Dual-Model Bounded Divergence Gating

Aboutalebi,

Shafiee,

Tai

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Tong et al [27] consider an attacker that perturbs data samples during the test phase to induce incorrect predictions. The authors use a single attacker, multiple learner framework modeled as a multi-learner Stackelberg game.…”

Section: Adversarial Regressionmentioning

confidence: 99%

“…We also considered the optimization based attack by Tong et al [27], but it was unable to exact a noticeable increase in MSE even at a poisoning rate of 20%. Therefore we do not present experimental results for it.…”

Section: Threat Modelsmentioning

confidence: 99%

Defending Regression Learners Against Poisoning Attacks

Weerasinghe,

Erfani,

Alpcan

et al. 2020

Preprint

View full text Add to dashboard Cite

Regression models, which are widely used from engineering applications to financial forecasting, are vulnerable to targeted malicious attacks such as training data poisoning, through which adversaries can manipulate their predictions. Previous works that attempt to address this problem rely on assumptions about the nature of the attack/attacker or overestimate the knowledge of the learner, making them impractical. We introduce a novel Local Intrinsic Dimensionality (LID) based measure called N-LID that measures the local deviation of a given data point's LID with respect to its neighbors. We then show that N-LID can distinguish poisoned samples from normal samples and propose an N-LID based defense approach that makes no assumptions of the attacker. Through extensive numerical experiments with benchmark datasets, we show that the proposed defense mechanism outperforms the state of the art defenses in terms of prediction accuracy (up to 76% lower MSE compared to an undefended ridge model) and running time.

show abstract

Adversarial Coordination on Social Networks

Hajaj

Joveski

et al. 2018

Preprint

View full text Add to dashboard Cite

Adversarial Regression with Multiple Learners

Cited by 3 publications

References 14 publications

Knowing is Half the Battle: Enhancing Clean Data Accuracy of Adversarial Robust Deep Neural Networks via Dual-Model Bounded Divergence Gating

Knowing is Half the Battle: Enhancing Clean Data Accuracy of Adversarial Robust Deep Neural Networks via Dual-Model Bounded Divergence Gating

Defending Regression Learners Against Poisoning Attacks

Adversarial Coordination on Social Networks

Contact Info

Product

Resources

About