2021 IEEE International Conference on Acoustics, Speech and Signal Processing
6-11 June 2021 • Toronto, Ontario, Canada
Extracting Knowledge from Information
| Paper ID | MLSP-39.1 | ||
| Paper Title | Adversarial Learning via Probabilistic Proximity Analysis | ||
| Authors | Jarrod Hollis, Jinsub Kim, Raviv Raich, Oregon State University, United States | ||
| Session | MLSP-39: Adversarial Machine Learning | ||
| Location | Gather.Town | ||
| Session Time: | Friday, 11 June, 11:30 - 12:15 | ||
| Presentation Time: | Friday, 11 June, 11:30 - 12:15 | ||
| Presentation | Poster | ||
| Topic | Machine Learning for Signal Processing: [MLR-DEEP] Deep learning techniques | ||
| IEEE Xplore Open Preview | Click here to view in IEEE Xplore | ||
| Abstract | We consider the problem of designing a robust classifier in the presence of an adversary who aims to degrade classification performance by elaborately falsifying the test instance. We propose a model-agnostic defense approach wherein the true class label of the falsified instance is inferred by analyzing its proximity to each class as measured based on class-conditional data distributions. We present a k-nearest neighbors type approach to perform a sample-based approximation of the aforementioned probabilistic proximity analysis. The proposed approach is evaluated on three different real-world datasets in a game-theoretic setting, in which the adversary is assumed to optimize the attack design against the employed defense approach. In the game-theoretic evaluation, the proposed defense approach significantly outperforms benchmarks in various attack scenarios, demonstrating its efficacy against optimally designed attacks. | ||