Timezone: »

 
Poster
Adversarial Examples for k-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams
Chawin Sitawarin · Evgenios Kornaropoulos · Dawn Song · David Wagner

Tue Dec 07 08:30 AM -- 10:00 AM (PST) @
in Poster Session 1 »
Adversarial examples are a widely studied phenomenon in machine learning models. While most of the attention has been focused on neural networks, other practical models also suffer from this issue. In this work, we propose an algorithm for evaluating the adversarial robustness of $k$-nearest neighbor classification, i.e., finding a minimum-norm adversarial example. Diverging from previous proposals, we propose the first geometric approach by performing a search that expands outwards from a given input point. On a high level, the search radius expands to the nearby higher-order Voronoi cells until we find a cell that classifies differently from the input point. To scale the algorithm to a large $k$, we introduce approximation steps that find perturbation with smaller norm, compared to the baselines, in a variety of datasets. Furthermore, we analyze the structural properties of a dataset where our approach outperforms the competition.
Keywords: Deep Learning · Machine Learning · Robustness · Adversarial Robustness and Security

Author Information

Chawin Sitawarin (University of California, Berkeley)
Evgenios Kornaropoulos (George Mason University)
Dawn Song (UC Berkeley)
David Wagner (University of California Berkeley)

More from the Same Authors