Optimization Models and Interpretations for Three Types of Adversarial Perturbations against Support Vector Machines
This work addresses the lack of attention to adversarial attacks on basic machine learning models like SVMs, providing interpretable and efficient methods, though it is incremental as it adapts existing adversarial concepts to SVMs.
The paper tackles the problem of generating adversarial perturbations for support vector machines (SVMs), deriving explicit solutions for three types of perturbations to improve interpretability and computational efficiency, with numerical results showing fast and effective performance.
Adversarial perturbations have drawn great attention in various deep neural networks. Most of them are computed by iteration and cannot be interpreted very well. In contrast, little attention is paid to basic machine learning models such as support vector machines. In this paper, we investigate the optimization models and the interpretations for three types of adversarial perturbations against support vector machines, including sample-adversarial perturbations (sAP), class-universal adversarial perturbations (cuAP), and universal adversarial perturbations (uAP). For linear binary/multi-classification support vector machines (SVMs), we derive the explicit solutions for sAP, cuAP and uAP (binary case), and an approximate solution for uAP in the multi-classification case. We also obtain the upper bound of the fooling rate for uAP. Such results not only increase the interpretability of the three adversarial perturbations, but also provide great convenience in computation since the iterative process can be avoided. Numerical results show that our method is fast and effective in calculating the three types of adversarial perturbations.
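To make the non-iterative idea concrete for robustness evaluation, the following added example (not code from the paper) uses the standard closed form for a linear binary classifier under the L2 norm: the smallest perturbation that moves x across the hyperplane is r = -(f(x)/||w||^2) w, so |f(x)|/||w|| is the sample's robustness margin. The L2 norm, the weights, the samples and all function names are assumptions constructed for illustration; the paper's own models may differ.

```python
import math

def score(w, b, x):
    """Linear SVM decision value f(x) = w.x + b."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def predict(w, b, x):
    """Binary label in {+1, -1}; a point exactly on the hyperplane maps to +1."""
    return 1 if score(w, b, x) >= 0 else -1

def sample_perturbation(w, b, x, overshoot=1e-6):
    """Closed-form minimal L2 perturbation for one sample (assumed L2 model).

    The projection onto the hyperplane lands exactly on the boundary, so a
    small relative overshoot pushes the point strictly to the other side.
    A sample already on the boundary (f(x) == 0) gets the zero vector.
    """
    norm_sq = sum(wi * wi for wi in w)
    if norm_sq == 0:
        raise ValueError("w must be non-zero")
    scale = -(1 + overshoot) * score(w, b, x) / norm_sq
    return [scale * wi for wi in w]

def l2_norm(v):
    return math.sqrt(sum(vi * vi for vi in v))

def fooling_rate(w, b, samples, r):
    """Fraction of samples whose predicted label changes under one shared r.

    For a linear model a shared r shifts every score by the same w.r, so
    only samples with |f(x)| below |w.r| on the matching side can flip.
    """
    flipped = 0
    for x in samples:
        shifted = [xi + ri for xi, ri in zip(x, r)]
        if predict(w, b, shifted) != predict(w, b, x):
            flipped += 1
    return flipped / len(samples)

# Constructed model and data, for illustration only.
W, B = [3.0, 4.0], -5.0
SAMPLES = [[3.0, 4.0], [1.0, 1.0], [0.0, 0.0], [2.0, 0.0]]

if __name__ == "__main__":
    for x in SAMPLES:
        r = sample_perturbation(W, B, x)
        print(x, "margin = %.4f" % l2_norm(r))
    print("shared r fooling rate:", fooling_rate(W, B, SAMPLES, [-0.3, -0.4]))
```

Samples with a small margin are the ones a single shared perturbation flips first, which is why the per-sample margins are a useful robustness report for a deployed linear model.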