Adversarial Deep Learning with Stackelberg Games


Bibliographic Details
Published in: Neural Information Processing, pp. 3-12
Main Authors: Sreevallabh Chivukula, Aneesh; Yang, Xinghao; Liu, Wei
Format: Book Chapter
Language: English
Published: Cham: Springer International Publishing
Series: Communications in Computer and Information Science

Summary: Deep networks are vulnerable to adversarial attacks from malicious adversaries. Currently, many adversarial learning algorithms are designed to exploit such vulnerabilities in deep networks. These methods focus on attacking and retraining deep networks with adversarial examples to do either feature manipulation or label manipulation or both. In this paper, we propose a new adversarial learning algorithm for finding adversarial manipulations to deep networks. We formulate adversaries who optimize game-theoretic payoff functions on deep networks doing multi-label classifications. We model the interactions between a classifier and an adversary from a game-theoretic perspective and formulate their strategies into a Stackelberg game associated with a two-player problem. Then we design algorithms to solve for the Nash equilibrium, which is a pair of strategies from which there is no incentive for either the classifier or the adversary to deviate. In designing attack scenarios, the adversary's objective is to deliberately make small changes to test data such that attacked samples are undetected. Our results illustrate that game-theoretic modelling is significantly effective in securing deep learning models against performance vulnerabilities attached by intelligent adversaries.
ISBN: 9783030368074, 3030368076
ISSN: 1865-0929, 1865-0937
DOI: 10.1007/978-3-030-36808-1_1