An Optimal Control View of Adversarial Machine Learning
This work provides a theoretical framework for adversarial machine learning researchers, but it is incremental as it reframes existing concepts without new empirical results.
The paper frames adversarial machine learning as an optimal control problem, where the adversary's actions are inputs to a dynamical system representing the learner, with control costs based on harm and detectability. This unified view covers various attack types like test-item attacks and data poisoning, and encourages leveraging control theory and reinforcement learning advances.
I describe an optimal control view of adversarial machine learning, where the dynamical system is the machine learner, the input are adversarial actions, and the control costs are defined by the adversary's goals to do harm and be hard to detect. This view encompasses many types of adversarial machine learning, including test-item attacks, training-data poisoning, and adversarial reward shaping. The view encourages adversarial machine learning researcher to utilize advances in control theory and reinforcement learning.