Attack Transferability Characterization for Adversarially Robust Multi-label Classification

Despite of the pervasive existence of multi-label evasion attack, it is an open yet essential problem to characterize the origin of the adversarial vulnerability of a multi-label learning system and assess its attackability. In this study, we focus on non-targeted evasion attack against multi-label classifiers. The goal of the threat is to cause misclassification with respect to as many labels as possible, with the same input perturbation. Our work gains in-depth understanding about the multi-label adversarial attack by first characterizing the transferability of the attack based on the functional properties of the multi-label classifier. We unveil how the transferability level of the attack determines the attackability of the classifier via establishing an information-theoretic analysis of the adversarial risk. Furthermore, we propose a transferability-centered attackability assessment, named Soft Attackability Estimator (SAE), to evaluate the intrinsic vulnerability level of the targeted multi-label classifier. This estimator is then integrated as a transferability-tuning regularization term into the multi-label learning paradigm to achieve adversarially robust classification. The experimental study on real-world data echoes the theoretical analysis and verify the validity of the transferability-regularized multi-label learning method.

Yang, Z., Han, Y., & Zhang, X. (2021). Attack Transferability Characterization for Adversarially Robust Multi-label Classification. Lecture Notes in Computer Science, 397–413. doi:10.1007/978-3-030-86523-8_24

Springer International Publishing

Conference/Event Name
European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, ECML PKDD 2021



Additional Links

Permanent link to this record

Version History

Now showing 1 - 2 of 2
2021-10-04 06:36:53
Published as conference paper.
2021-07-28 12:01:05
* Selected version