An Efficient Method for Sample Adversarial Perturbations against Nonlinear Support Vector Machines
This addresses a specific security vulnerability in nonlinear SVMs, but it is incremental as it builds on existing adversarial attack methods.
The paper tackles the difficulty of computing explicit adversarial perturbations for nonlinear support vector machines (SVMs) by transforming the attack optimization into a nonlinear KKT system, which numerical results show is efficient in computation.
Adversarial perturbations have drawn great attentions in various machine learning models. In this paper, we investigate the sample adversarial perturbations for nonlinear support vector machines (SVMs). Due to the implicit form of the nonlinear functions mapping data to the feature space, it is difficult to obtain the explicit form of the adversarial perturbations. By exploring the special property of nonlinear SVMs, we transform the optimization problem of attacking nonlinear SVMs into a nonlinear KKT system. Such a system can be solved by various numerical methods. Numerical results show that our method is efficient in computing adversarial perturbations.