CR · LG · ML · Sep 19, 2019

Adversarial Vulnerability Bounds for Gaussian Process Classification

arXiv:1909.08864v1 · 9 citations
Originality: Highly original
AI Analysis

This work addresses the critical need for provably robust classifiers in safety-critical systems, offering a formal guarantee rather than just empirical results.

The paper addresses adversarial vulnerability in safety-critical machine learning classifiers by deriving an adversarial bound for Gaussian process classifiers that holds over the entire input domain. The bound limits how far any perturbation can push a confidently classified input towards a confident misclassification, whatever attack method is used to find it, and the authors show the approach is practical by evaluating it on several datasets.

Machine learning (ML) classification is increasingly used in safety-critical systems. Protecting ML classifiers from adversarial examples is crucial. We propose that the main threat is that of an attacker perturbing a confidently classified input to produce a confident misclassification. To protect against this we devise an adversarial bound (AB) for a Gaussian process classifier that holds for the entire input domain, bounding the potential for any future adversarial method to cause such misclassification. This is a formal guarantee of robustness, not just an empirically derived result. We investigate how to configure the classifier to maximise the bound, including the use of a sparse approximation, leading to the method producing a practical, useful and provably robust classifier, which we test using a variety of datasets.
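The following is an added illustration of the threat model in the abstract (a confidently classified input perturbed into a confident misclassification) and of what a domain-wide bound on that event looks like for a Gaussian process classifier. It is not the paper's bound and not the authors' code. It fits a small GP classifier with a logistic link by the Laplace approximation on constructed 2-D data, then uses a simple global Lipschitz argument on the posterior latent mean (the squared-exponential kernel's gradient norm never exceeds exp(-1/2)/lengthscale per term) to lower-bound the L2 perturbation needed to move the plug-in probability from at least p_conf for one class to at least p_conf for the other. Posterior variance is ignored (plug-in probability only), perturbations are measured in L2, and the lengthscale, confidence level and data are all assumptions of this example.

```python
import numpy as np


def rbf_kernel(A, B, ell):
    """Squared-exponential kernel k(a, b) = exp(-||a - b||^2 / (2 ell^2))."""
    d2 = ((A[:, None, :] - B[None, :, :]) ** 2).sum(-1)
    return np.exp(-d2 / (2.0 * ell ** 2))


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def laplace_gpc_fit(X, y, ell, iters=30):
    """Laplace-approximation GP classifier with a logistic link (Newton iterations
    to the posterior mode, written with a plain solve since n is small).
    Returns the dual weights alpha_i = t_i - pi_i; the posterior latent mean at a
    new point is then sum_i alpha_i k(x_i, x)."""
    n = len(y)
    K = rbf_kernel(X, X, ell)
    t = (y + 1) / 2.0                      # labels in {-1, +1} -> {0, 1}
    f = np.zeros(n)
    for _ in range(iters):
        pi = sigmoid(f)
        g = t - pi                         # gradient of the log-likelihood
        W = pi * (1 - pi)                  # negative Hessian (diagonal)
        # Newton step: f <- (K^-1 + W)^-1 (W f + g) = K (I + W K)^-1 (W f + g)
        f = K @ np.linalg.solve(np.eye(n) + W[:, None] * K, W * f + g)
    return t - sigmoid(f)


def latent_mean(Xtrain, alpha, Xtest, ell):
    """Posterior latent mean sum_i alpha_i k(x_i, x) at each row of Xtest."""
    return rbf_kernel(Xtest, Xtrain, ell) @ alpha


def lipschitz_bound(alpha, ell):
    """Global bound on ||grad of the latent mean||. Each RBF term's gradient norm
    is (r / ell^2) exp(-r^2 / (2 ell^2)), which peaks at r = ell with value
    exp(-1/2) / ell, so L = sum_i |alpha_i| exp(-1/2) / ell over the whole domain."""
    return np.abs(alpha).sum() * np.exp(-0.5) / ell


def min_confident_flip_perturbation(alpha, ell, p_conf):
    """Smallest L2 perturbation that could move a point with sigmoid(mean) >= p_conf
    to sigmoid(mean) <= 1 - p_conf (or the reverse). The latent value must cross a
    gap of 2 * tau with tau = logit(p_conf), and |mean(x + d) - mean(x)| <= L ||d||."""
    tau = np.log(p_conf / (1 - p_conf))
    return 2 * tau / lipschitz_bound(alpha, ell)


def empirical_max_ratio(Xtrain, alpha, ell, rng, n_trials=2000, eps=0.3):
    """Sanity check of the bound: sample points anywhere in a box covering the
    domain plus random directions of length eps, and return the largest observed
    |mean(x + d) - mean(x)| / (L * eps). A correct bound gives a value <= 1."""
    L = lipschitz_bound(alpha, ell)
    X = rng.uniform(-4, 4, size=(n_trials, Xtrain.shape[1]))
    D = rng.normal(size=X.shape)
    D *= eps / np.linalg.norm(D, axis=1, keepdims=True)
    diff = np.abs(latent_mean(Xtrain, alpha, X + D, ell)
                  - latent_mean(Xtrain, alpha, X, ell))
    return float((diff / (L * eps)).max())


def make_data(rng, n_per_class=20):
    """Constructed toy data: two Gaussian blobs in 2-D with labels -1 and +1."""
    X0 = rng.normal(loc=[-1.5, 0.0], scale=0.6, size=(n_per_class, 2))
    X1 = rng.normal(loc=[1.5, 0.0], scale=0.6, size=(n_per_class, 2))
    X = np.vstack([X0, X1])
    y = np.r_[-np.ones(n_per_class), np.ones(n_per_class)]
    return X, y


def demo(ell=1.0, p_conf=0.9, seed=0):
    """Fit the classifier and report the Lipschitz constant, the guaranteed minimum
    perturbation for a confident flip, and the empirical check on the bound."""
    rng = np.random.default_rng(seed)
    X, y = make_data(rng)
    alpha = laplace_gpc_fit(X, y, ell)
    return {
        "L": float(lipschitz_bound(alpha, ell)),
        "eps_min": float(min_confident_flip_perturbation(alpha, ell, p_conf)),
        "max_ratio": empirical_max_ratio(X, alpha, ell, rng),
    }


if __name__ == "__main__":
    print(demo())
```

Because the bound is derived from the kernel's gradient rather than from any particular attack, it applies to every input in the domain and to any future attack method, which is the kind of statement the abstract contrasts with empirical robustness results. In this toy bound the guaranteed perturbation scales as ell / sum_i |alpha_i|, so fewer or smaller dual weights (as a sparse approximation with few inducing terms gives) and longer lengthscales tighten it, at the cost of classifier flexibility; that trade-off is the configuration question the paper investigates for its own, tighter bound.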

Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
