Research in adversarial learning follows a cat-and-mouse game between attackers and defenders: attacks are proposed, they are mitigated by new defenses, new attacks are then proposed that break the earlier defenses, and so on. However, it has remained unclear whether there are conditions under which no better attacks or defenses can be proposed. In this paper, we propose a game-theoretic framework for studying attacks and defenses which exist in equilibrium. Under a locally linear decision boundary model for the underlying binary classifier, we prove that the Fast Gradient Method attack and a Randomized Smoothing defense form a Nash Equilibrium. We then show how this equilibrium defense can be approximated given finitely many samples from a data-generating distribution, and derive a generalization bound for the performance of our approximation.
Author Information
Ambar Pal (Johns Hopkins University)
Rene Vidal (Mathematical Institute for Data Science, Johns Hopkins University, USA)
More from the Same Authors
- 2022 Poster: Global Linear and Local Superlinear Convergence of IRLS for Non-Smooth Robust Regression
  Liangzu Peng · Christian Kümmerle · Rene Vidal
- 2020 Poster: A novel variational form of the Schatten-$p$ quasi-norm
  Paris Giampouras · Rene Vidal · Athanasios Rontogiannis · Benjamin Haeffele
- 2020 Poster: Conformal Symplectic and Relativistic Optimization
  Guilherme Franca · Jeremias Sulam · Daniel Robinson · Rene Vidal
- 2020 Spotlight: Conformal Symplectic and Relativistic Optimization
  Guilherme Franca · Jeremias Sulam · Daniel Robinson · Rene Vidal
- 2019: Keynote I – Rene Vidal (Johns Hopkins University)
  René Vidal
- 2019 Poster: A Linearly Convergent Method for Non-Smooth Non-Convex Optimization on the Grassmannian with Applications to Robust Subspace and Dictionary Learning
  Zhihui Zhu · Tianyu Ding · Daniel Robinson · Manolis Tsakiris · René Vidal
- 2018 Poster: Dual Principal Component Pursuit: Improved Analysis and Efficient Algorithms
  Zhihui Zhu · Yifan Wang · Daniel Robinson · Daniel Naiman · René Vidal · Manolis Tsakiris
- 2012 Poster: Finding Exemplars from Pairwise Dissimilarities via Simultaneous Sparse Recovery
  Ehsan Elhamifar · Guillermo Sapiro · René Vidal
- 2011 Poster: Sparse Manifold Clustering and Embedding
  Ehsan Elhamifar · René Vidal
- 2006 Poster: Online Clustering of Moving Subspaces
  René Vidal