Adversarial Classification via Distributional Robustness with Wasserstein Ambiguity
This work addresses adversarial robustness in classification. It provides a theoretical and computational framework that builds incrementally on prior models such as maximum-margin classifiers.
The paper tackles adversarial classification by proposing a distributionally robust model with Wasserstein ambiguity, which minimizes the conditional value-at-risk of misclassification distance and is equivalent to regularized ramp loss minimization for linear classification. Numerical experiments suggest convergence to global minimizers, and theoretical analysis shows unique stationary points for certain distributions.
We study a model for adversarial classification based on distributionally robust chance constraints. We show that under Wasserstein ambiguity, the model aims to minimize the conditional value-at-risk of the distance to misclassification, and we explore links to adversarial classification models proposed earlier and to maximum-margin classifiers. We also provide a reformulation of the distributionally robust model for linear classification, and show it is equivalent to minimizing a regularized ramp loss objective. Numerical experiments show that, despite the nonconvexity of this formulation, standard descent methods appear to converge to the global minimizer for this problem. Inspired by this observation, we show that, for a certain class of distributions, the only stationary point of the regularized ramp loss minimization problem is the global minimizer.
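An added example, not code from the paper: regularized ramp loss minimization for a linear classifier by fixed-step subgradient descent from several random starts, so the objective values reached from each start can be compared. The objective form (eps times the Euclidean norm of w plus the mean ramp loss), the step size, and the constructed two-cluster data are assumptions; the abstract does not state them.

```python
import math
import random

def ramp(z):
    """Ramp loss: the hinge loss max(0, 1 - z) clipped at 1."""
    return min(1.0, max(0.0, 1.0 - z))

def margin(w, b, x, y):
    return y * (sum(wi * xi for wi, xi in zip(w, x)) + b)

def objective(w, b, data, eps):
    """Assumed form: eps * ||w||_2 + mean ramp loss of the margins."""
    norm = math.sqrt(sum(wi * wi for wi in w))
    return eps * norm + sum(ramp(margin(w, b, x, y)) for x, y in data) / len(data)

def subgradient(w, b, data, eps):
    norm = math.sqrt(sum(wi * wi for wi in w))
    gw = [eps * wi / norm if norm > 0 else 0.0 for wi in w]
    gb = 0.0
    for x, y in data:
        if 0.0 < margin(w, b, x, y) < 1.0:  # only the sloped part has slope -1
            gw = [g - y * xj / len(data) for g, xj in zip(gw, x)]
            gb -= y / len(data)
    return gw, gb

def descend(data, eps, w, b, steps=300, lr=0.05):
    """Fixed-step subgradient descent; returns (best objective, w, b) seen."""
    best = (objective(w, b, data, eps), list(w), b)
    for _ in range(steps):
        gw, gb = subgradient(w, b, data, eps)
        w = [wi - lr * gi for wi, gi in zip(w, gw)]
        b -= lr * gb
        val = objective(w, b, data, eps)
        if val < best[0]:
            best = (val, list(w), b)
    return best

def make_data(n=100, seed=0):
    """Constructed sample: two Gaussian clusters centred at +/-(1.5, 1.5)."""
    rng = random.Random(seed)
    labels = [rng.choice((-1, 1)) for _ in range(n)]
    return [([rng.gauss(1.5 * y, 1.0), rng.gauss(1.5 * y, 1.0)], y) for y in labels]

def multi_start(data, eps=0.1, starts=5, seed=1):
    """Best objective reached from each of several random initial points."""
    rng = random.Random(seed)
    inits = [([rng.uniform(-2, 2), rng.uniform(-2, 2)], rng.uniform(-1, 1)) for _ in range(starts)]
    return [descend(data, eps, w, b)[0] for w, b in inits]
```

Calling `multi_start(make_data())` returns one objective value per start. The ramp loss is flat for margins at or below 0, so a start that misclassifies every point receives no data gradient and only the regularizer acts on it.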