Mixed Nash Equilibria in the Adversarial Examples Game
This addresses the adversarial robustness problem for machine learning models, providing a foundational game-theoretic framework, but it is incremental as it builds on prior work by extending randomization to both players.
The paper tackles the problem of adversarial examples by studying the existence of mixed Nash equilibria in a zero-sum game between attacker and classifier, showing that randomization for both players is necessary and that the game has no duality gap, always admitting approximate equilibria.
This paper tackles the problem of adversarial examples from a game theoretic point of view. We study the open question of the existence of mixed Nash equilibria in the zero-sum game formed by the attacker and the classifier. While previous works usually allow only one player to use randomized strategies, we show the necessity of considering randomization for both the classifier and the attacker. We demonstrate that this game has no duality gap, meaning that it always admits approximate Nash equilibria. We also provide the first optimization algorithms to learn a mixture of classifiers that approximately realizes the value of this game, \emph{i.e.} procedures to build an optimally robust randomized classifier.