Interpreting Vulnerabilities of Multi-Instance Learning to Adversarial Perturbations
This addresses security risks in MIL applications like image analysis and text classification, but it is incremental as it extends adversarial attack methods to a specific learning paradigm.
The paper tackles the vulnerability of Multi-Instance Learning (MIL) methods to adversarial perturbations by proposing two algorithms to generate such perturbations, showing they can fool state-of-the-art MIL methods effectively.
Multi-Instance Learning (MIL) is a recent machine learning paradigm which is immensely useful in various real-life applications, like image analysis, video anomaly detection, text classification, etc. It is well known that most of the existing machine learning classifiers are highly vulnerable to adversarial perturbations. Since MIL is a weakly supervised learning, where information is available for a set of instances, called bag and not for every instances, adversarial perturbations can be fatal. In this paper, we have proposed two adversarial perturbation methods to analyze the effect of adversarial perturbations to interpret the vulnerability of MIL methods. Out of the two algorithms, one can be customized for every bag, and the other is a universal one, which can affect all bags in a given data set and thus has some generalizability. Through simulations, we have also shown the effectiveness of the proposed algorithms to fool the state-of-the-art (SOTA) MIL methods. Finally, we have discussed through experiments, about taking care of these kind of adversarial perturbations through a simple strategy. Source codes are available at https://github.com/InkiInki/MI-UAP.