CR · LG · SY · OC · Jun 24, 2019

A Game-Theoretic Approach to Adversarial Linear Support Vector Classification

arXiv:1906.09721v1 · 3 citations
Originality: Incremental advance
AI Analysis

This paper addresses the problem of adversarial robustness in machine learning for practitioners, but it is incremental, as it builds on existing game-theoretic and SVM methods.

The paper tackles the problem of adversarial attacks on linear support vector machine classifiers by modeling the interaction between an adversary and a classifier as a game, resulting in a robust classifier that is demonstrated on synthetic and real-world datasets.

In this paper, we employ a game-theoretic model to analyze the interaction between an adversary and a classifier. There are two classes (i.e., positive and negative classes) to which data points can belong. The adversary is interested in maximizing the probability of miss-detection for the positive class (i.e., false negative probability). The adversary, however, does not want to significantly modify the data point so that it still maintains favourable traits of the original class. The classifier, on the other hand, is interested in maximizing the probability of correct detection for the positive class (i.e., true positive probability) subject to a lower bound on the probability of correct detection for the negative class (i.e., true negative probability). For conditionally Gaussian data points (conditioned on the class) and linear support vector machine classifiers, we rewrite the optimization problems of the adversary and the classifier as convex optimization problems and use best response dynamics to learn an equilibrium of the game. This results in computing a linear support vector machine classifier that is robust against adversarial input manipulations. We illustrate the framework on a synthetic dataset and a public Cardiovascular Disease dataset.
