Evading classifiers in discrete domains with provable optimality guarantees

Add code
Oct 25, 2018
Bogdan Kulynych, Jamie Hayes, Nikita Samarin, Carmela Troncoso
Figure 1 for Evading classifiers in discrete domains with provable optimality guarantees
Figure 2 for Evading classifiers in discrete domains with provable optimality guarantees
Figure 3 for Evading classifiers in discrete domains with provable optimality guarantees
Figure 4 for Evading classifiers in discrete domains with provable optimality guarantees

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Security-critical applications such as malware, fraud, or spam detection, require machine learning models that operate on examples from constrained discrete domains. In these settings, gradient-based attacks that rely on adding perturbations often fail to produce adversarial examples that meet the domain constraints, and thus are not effective. We introduce a graphical framework that (1) formalizes existing attacks in discrete domains, (2) efficiently produces valid adversarial examples with guarantees of minimal cost, and (3) can accommodate complex cost functions beyond the commonly used p-norm. We demonstrate the effectiveness of this method by crafting adversarial examples that evade a Twitter bot detection classifier using a provably minimal number of changes.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon