Paper published in a book (Scientific congresses, symposiums and conference proceedings)
A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space
Simonetto, Thibault Jean Angel; Dyrmishi, Salijona; Ghamizi, Salah et al.
2022In Proceedings of the Thirty-First International Joint Conference on Artificial Intelligence, IJCAI-22
Peer reviewed
 

Files


Full Text
2112.01156.pdf
Author preprint (377.49 kB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
Computer Vision: Adversarial learning, adversarial attack and defense methods; Constraint Satisfaction and Optimization: Constraints and Machine Learning; Constraint Satisfaction and Optimization: Constraint Satisfaction; Constraint Satisfaction and Optimization: Constraint Optimization; Search: Evolutionary Computation
Abstract :
[en] The generation of feasible adversarial examples is necessary for properly assessing models that work in constrained feature space. However, it remains a challenging task to enforce constraints into attacks that were designed for computer vision. We propose a unified framework to generate feasible adversarial examples that satisfy given domain constraints. Our framework can handle both linear and non-linear constraints. We instantiate our framework into two algorithms: a gradient-based attack that introduces constraints in the loss function to maximize, and a multi-objective search algorithm that aims for misclassification, perturbation minimization, and constraint satisfaction. We show that our approach is effective in four different domains, with a success rate of up to 100%, where state-of-the-art attacks fail to generate a single feasible example. In addition to adversarial retraining, we propose to introduce engineered non-convex constraints to improve model adversarial robustness. We demonstrate that this new defense is as effective as adversarial retraining. Our framework forms the starting point for research on constrained adversarial attacks and provides relevant baselines and datasets that future research can exploit.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Disciplines :
Computer science
Author, co-author :
Simonetto, Thibault Jean Angel ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
Dyrmishi, Salijona ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
Ghamizi, Salah ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)
Cordy, Maxime  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
Le Traon, Yves ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SerVal
External co-authors :
no
Language :
English
Title :
A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space
Publication date :
2022
Event name :
INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE
Event date :
from 23-07-2022 to 29-07-2022
Audience :
International
Main work title :
Proceedings of the Thirty-First International Joint Conference on Artificial Intelligence, IJCAI-22
Publisher :
International Joint Conferences on Artificial Intelligence Organization
ISBN/EAN :
978-1-956792-00-3
Pages :
1313-1319
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR14585105 - Search-based Adversarial Testing Under Domain-specific Constraints, 2020 (01/10/2020-30/09/2024) - Salijona Dyrmishi
Available on ORBilu :
since 12 December 2022

Statistics


Number of views
100 (11 by Unilu)
Number of downloads
37 (6 by Unilu)

Scopus citations®
 
0
Scopus citations®
without self-citations
0

Bibliography


Similar publications



Contact ORBilu