This is the latest version of this eprint.
Smith, M.T., Grosse, K., Backes, M. et al. (1 more author) (2023) Adversarial vulnerability bounds for Gaussian process classification. Machine Learning, 112 (3). pp. 971-1009. ISSN 0885-6125
Abstract
Protecting machine learning (ML) classifiers from adversarial examples is crucial. We propose that the main threat is an attacker perturbing a confidently classified input to produce a confident misclassification. In this paper we consider the L0 attack, in which the attacker can perturb a small number of inputs at test time. To quantify the risk of this form of attack we devise a formal guarantee in the form of an adversarial bound (AB) for a binary Gaussian process classifier using the EQ kernel. This bound holds for the entire input domain, bounding the potential of any future adversarial attack to cause a confident misclassification. We explore how to extend the bound to other kernels and investigate how to maximise it by altering the classifier (for example by using sparse approximations). We test the bound on a variety of datasets and show that it produces relevant and practical bounds for many of them.
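To make the setting concrete, the sketch below illustrates the kind of attack the paper bounds: a Gaussian process model with an EQ (exponentiated-quadratic / RBF) kernel, and an L0 perturbation that changes a single input dimension of a confidently classified point. This is not the authors' bound or their exact classifier — it uses simple GP regression on ±1 labels as a stand-in for full GP classification, and all data, hyperparameters, and names here are illustrative assumptions.

```python
import numpy as np

def eq_kernel(A, B, lengthscale=1.0, variance=1.0):
    """Exponentiated-quadratic (EQ / RBF) kernel between row-vector sets A and B."""
    sq_dist = ((A[:, None, :] - B[None, :, :]) ** 2).sum(-1)
    return variance * np.exp(-0.5 * sq_dist / lengthscale**2)

# Toy training set: labels are the sign of the first feature.
rng = np.random.default_rng(0)
X = rng.normal(size=(40, 5))
y = np.sign(X[:, 0])  # labels in {-1, +1}

# GP-regression-style fit (a simplified stand-in for GP classification).
K = eq_kernel(X, X) + 0.1 * np.eye(len(X))  # 0.1 = assumed noise variance
alpha = np.linalg.solve(K, y)

def latent(x):
    """Posterior mean of the latent function; its sign is the predicted class."""
    return eq_kernel(np.atleast_2d(x), X) @ alpha

x = np.array([2.0, 0.0, 0.0, 0.0, 0.0])  # confidently positive input
x_adv = x.copy()
x_adv[0] = -2.0  # L0 attack: perturb just one of the five input dimensions

print(float(latent(x)[0]), float(latent(x_adv)[0]))
```

Here the single-coordinate perturbation flips the sign of the latent mean, i.e. a confident prediction becomes a confident misclassification; the paper's adversarial bound quantifies, over the whole input domain, how much damage such sparse perturbations can ever do.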
Metadata
| Field | Value |
|---|---|
| Item Type | Article |
| Authors/Creators | Smith, M.T.; Grosse, K.; Backes, M.; et al. (1 more author) |
| Copyright, Publisher and Additional Information | © The Author(s) 2022. Open Access: This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/. |
| Keywords | Machine learning; Gaussian process; Adversarial example; Bound; Classification; Gaussian process classification |
| Institution | The University of Sheffield |
| Academic Units | The University of Sheffield > Faculty of Engineering (Sheffield) > Department of Computer Science (Sheffield) |
| Funding Information | Engineering and Physical Sciences Research Council (EPSRC), grant EP/N014162/1 |
| Depositing User | Symplectic Sheffield |
| Date Deposited | 25 Nov 2022 17:19 |
| Last Modified | 14 Mar 2023 14:00 |
| Status | Published |
| Publisher | Springer Science and Business Media LLC |
| Refereed | Yes |
| Identification Number (DOI) | 10.1007/s10994-022-06224-6 |
| Open Archives Initiative ID (OAI ID) | oai:eprints.whiterose.ac.uk:193801 |
Available Versions of this Item
- Adversarial vulnerability bounds for Gaussian process classification. (deposited 17 Jan 2020 13:57)
  - Adversarial vulnerability bounds for Gaussian process classification. (deposited 25 Nov 2022 17:19) [Currently Displayed]