ML | LG | Jun 11, 2025

Evasion Attacks Against Bayesian Predictive Models

arXiv:2506.09640v12 citations | h-index: 9 | Has Code | UAI
Originality: Incremental advance
AI Analysis

This paper addresses a security gap in adversarial machine learning for Bayesian models, an incremental advance in the field.

The paper tackles the susceptibility of Bayesian predictive models to evasion attacks by introducing a general methodology for designing optimal attacks, achieving successful perturbations of point predictions and posterior distributions.

There is an increasing interest in analyzing the behavior of machine learning systems against adversarial attacks. However, most of the research in adversarial machine learning has focused on studying weaknesses against evasion or poisoning attacks to predictive models in classical setups, with the susceptibility of Bayesian predictive models to attacks remaining underexplored. This paper introduces a general methodology for designing optimal evasion attacks against such models. We investigate two adversarial objectives: perturbing specific point predictions and altering the entire posterior predictive distribution. For both scenarios, we propose novel gradient-based attacks and study their implementation and properties in various computational setups.

Code Implementations: 1 repo