A Framework for Verification of Wasserstein Adversarial Robustness

10/13/2021
by Tobias Wegel, et al.

Machine learning image classifiers are susceptible to adversarial and corruption perturbations: adding imperceptible noise to an image can lead to severe misclassifications by the model. L_p-norms, the standard way of measuring the size of such noise, fail to capture human similarity perception, which is why optimal-transport-based distance measures such as the Wasserstein metric are increasingly used in the field of adversarial robustness. Verifying the robustness of classifiers under the Wasserstein metric amounts to either proving the absence of adversarial examples (certification) or proving their presence (attack). In this work we present a framework, based on the work of Levine and Feizi, that transfers existing certification methods for convex polytopes or L_1-balls to the Wasserstein threat model. The resulting certification is complete when convex polytopes are chosen and incomplete when L_1-balls are chosen. Additionally, we present a new Wasserstein adversarial attack that is based on projected gradient descent and carries a significantly reduced computational burden compared to existing attack approaches.
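To make the motivation for optimal-transport distances concrete, here is a minimal sketch (not from the paper; plain NumPy with an illustrative helper name) of the standard fact that in one dimension the 1-Wasserstein distance equals the L_1 distance between the cumulative distribution functions. A mass distribution shifted by one bin is cheap under W_1 even though it is expensive under L_1:

```python
import numpy as np

def wasserstein_1d(u, v):
    """1-Wasserstein distance between two histograms on the same 1D grid:
    in one dimension, W_1 equals the L_1 distance of the CDFs."""
    u = u / u.sum()
    v = v / v.sum()
    return np.abs(np.cumsum(u) - np.cumsum(v)).sum()

# A one-bin shift of a unit spike: far in L_1, close in W_1.
u = np.array([0.0, 1.0, 0.0, 0.0])
v = np.array([0.0, 0.0, 1.0, 0.0])
print(np.abs(u - v).sum())   # L_1 distance: 2.0
print(wasserstein_1d(u, v))  # W_1 distance: 1.0 (one bin of transport)
```

The one-bin shift costs a single unit of transport (W_1 = 1.0) but flips two entries (L_1 = 2.0); analogously, a small spatial shift of image content stays small under the Wasserstein metric while being large under any L_p-norm.

The attack contribution is described above only as "projected gradient descent based". The following PyTorch skeleton is a hedged sketch of generic PGD with the threat-model projection abstracted into a `project` argument; the paper's actual Wasserstein projection is not reproduced here, and `pgd_attack` and its parameters are illustrative names, not the authors' API:

```python
import torch
import torch.nn.functional as F

def pgd_attack(model, x, y, project, steps=40, step_size=0.01):
    """Generic projected gradient descent (PGD) attack skeleton.

    `project` maps the perturbed input back onto the chosen threat-model
    ball around the clean input x. For the Wasserstein threat model this
    projection is the hard part; it is deliberately left abstract here.
    """
    x_adv = x.clone().detach()
    for _ in range(steps):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)      # loss to maximize
        (grad,) = torch.autograd.grad(loss, x_adv)
        with torch.no_grad():
            x_adv = x_adv + step_size * grad.sign()  # gradient ascent step
            x_adv = project(x_adv, x)                # back onto the ball
            x_adv = x_adv.clamp(0.0, 1.0)            # valid pixel range
    return x_adv.detach()

# Example instantiation with a plain L_inf projection of radius eps;
# a Wasserstein attack would swap in a Wasserstein-ball projection.
eps = 8 / 255
linf_project = lambda z, x: x + (z - x).clamp(-eps, eps)
```

Abstracting the projection makes the cost trade-off visible: the gradient step is identical across threat models, so the computational burden of a Wasserstein PGD attack is dominated by the projection step.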


Related research:

- Wasserstein Adversarial Examples on Univariant Time Series Data (03/22/2023)
  Adversarial examples are crafted by adding indistinguishable perturbatio...

- Wasserstein Smoothing: Certified Robustness against Wasserstein Adversarial Attacks (10/23/2019)
  In the last couple of years, several adversarial attack methods based on...

- Wasserstein Adversarial Examples via Projected Sinkhorn Iterations (02/21/2019)
  A rapidly growing area of work has studied the existence of adversarial ...

- Stronger and Faster Wasserstein Adversarial Attacks (08/06/2020)
  Deep models, while being extremely flexible and accurate, are surprising...

- Revisiting invariances and introducing priors in Gromov-Wasserstein distances (07/19/2023)
  Gromov-Wasserstein distance has found many applications in machine learn...

- The Many Faces of Adversarial Risk (01/22/2022)
  Adversarial risk quantifies the performance of classifiers on adversaria...

- Adversarial Classification via Distributional Robustness with Wasserstein Ambiguity (05/28/2020)
  We study a model for adversarial classification based on distributionall...
