A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space

Thibault Simonetto; Salijona Dyrmishi; Salah Ghamizi; Maxime Cordy; Yves Le Traon

doi:10.24963/ijcai.2022/183

A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space

Thibault Simonetto, Salijona Dyrmishi, Salah Ghamizi, Maxime Cordy, Yves Le Traon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Citations (Scopus)

Abstract

The generation of feasible adversarial examples is necessary for properly assessing models that work in constrained feature space. However, it remains a challenging task to enforce constraints into attacks that were designed for computer vision. We propose a unified framework to generate feasible adversarial examples that satisfy given domain constraints. Our framework can handle both linear and non-linear constraints. We instantiate our framework into two algorithms: a gradient-based attack that introduces constraints in the loss function to maximize, and a multi-objective search algorithm that aims for misclassification, perturbation minimization, and constraint satisfaction. We show that our approach is effective in four different domains, with a success rate of up to 100%, where state-of-the-art attacks fail to generate a single feasible example. In addition to adversarial retraining, we propose to introduce engineered non-convex constraints to improve model adversarial robustness. We demonstrate that this new defense is as effective as adversarial retraining. Our framework forms the starting point for research on constrained adversarial attacks and provides relevant baselines and datasets that future research can exploit.

Original language	English
Title of host publication	Proceedings of the 31st International Joint Conference on Artificial Intelligence, IJCAI 2022
Editors	Luc De Raedt, Luc De Raedt
Publisher	International Joint Conferences on Artificial Intelligence
Pages	1313-1319
Number of pages	7
ISBN (Electronic)	9781956792003
DOIs	https://doi.org/10.24963/ijcai.2022/183
Publication status	Published - 2022
Externally published	Yes
Event	31st International Joint Conference on Artificial Intelligence, IJCAI 2022 - Vienna, Austria Duration: 23 Jul 2022 → 29 Jul 2022

Publication series

Name	IJCAI International Joint Conference on Artificial Intelligence
ISSN (Print)	1045-0823

Conference

Conference	31st International Joint Conference on Artificial Intelligence, IJCAI 2022
Country/Territory	Austria
City	Vienna
Period	23/07/22 → 29/07/22

Access to Document

10.24963/ijcai.2022/183

Cite this

Simonetto, T., Dyrmishi, S., Ghamizi, S., Cordy, M., & Le Traon, Y. (2022). A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space. In L. De Raedt, & L. De Raedt (Eds.), Proceedings of the 31st International Joint Conference on Artificial Intelligence, IJCAI 2022 (pp. 1313-1319). (IJCAI International Joint Conference on Artificial Intelligence). International Joint Conferences on Artificial Intelligence. https://doi.org/10.24963/ijcai.2022/183

Simonetto, Thibault ; Dyrmishi, Salijona ; Ghamizi, Salah et al. / A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space. Proceedings of the 31st International Joint Conference on Artificial Intelligence, IJCAI 2022. editor / Luc De Raedt ; Luc De Raedt. International Joint Conferences on Artificial Intelligence, 2022. pp. 1313-1319 (IJCAI International Joint Conference on Artificial Intelligence).

@inproceedings{becb0b2ec4a440998402c8bd57e78843,

title = "A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space",

abstract = "The generation of feasible adversarial examples is necessary for properly assessing models that work in constrained feature space. However, it remains a challenging task to enforce constraints into attacks that were designed for computer vision. We propose a unified framework to generate feasible adversarial examples that satisfy given domain constraints. Our framework can handle both linear and non-linear constraints. We instantiate our framework into two algorithms: a gradient-based attack that introduces constraints in the loss function to maximize, and a multi-objective search algorithm that aims for misclassification, perturbation minimization, and constraint satisfaction. We show that our approach is effective in four different domains, with a success rate of up to 100%, where state-of-the-art attacks fail to generate a single feasible example. In addition to adversarial retraining, we propose to introduce engineered non-convex constraints to improve model adversarial robustness. We demonstrate that this new defense is as effective as adversarial retraining. Our framework forms the starting point for research on constrained adversarial attacks and provides relevant baselines and datasets that future research can exploit.",

author = "Thibault Simonetto and Salijona Dyrmishi and Salah Ghamizi and Maxime Cordy and {Le Traon}, Yves",

note = "Publisher Copyright: {\textcopyright} 2022 International Joint Conferences on Artificial Intelligence. All rights reserved.; 31st International Joint Conference on Artificial Intelligence, IJCAI 2022 ; Conference date: 23-07-2022 Through 29-07-2022",

year = "2022",

doi = "10.24963/ijcai.2022/183",

language = "English",

series = "IJCAI International Joint Conference on Artificial Intelligence",

publisher = "International Joint Conferences on Artificial Intelligence",

pages = "1313--1319",

editor = "{De Raedt}, Luc and {De Raedt}, Luc",

booktitle = "Proceedings of the 31st International Joint Conference on Artificial Intelligence, IJCAI 2022",

address = "United States",

}

Simonetto, T, Dyrmishi, S, Ghamizi, S, Cordy, M & Le Traon, Y 2022, A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space. in L De Raedt & L De Raedt (eds), Proceedings of the 31st International Joint Conference on Artificial Intelligence, IJCAI 2022. IJCAI International Joint Conference on Artificial Intelligence, International Joint Conferences on Artificial Intelligence, pp. 1313-1319, 31st International Joint Conference on Artificial Intelligence, IJCAI 2022, Vienna, Austria, 23/07/22. https://doi.org/10.24963/ijcai.2022/183

A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space. / Simonetto, Thibault; Dyrmishi, Salijona; Ghamizi, Salah et al.
Proceedings of the 31st International Joint Conference on Artificial Intelligence, IJCAI 2022. ed. / Luc De Raedt; Luc De Raedt. International Joint Conferences on Artificial Intelligence, 2022. p. 1313-1319 (IJCAI International Joint Conference on Artificial Intelligence).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space

AU - Simonetto, Thibault

AU - Dyrmishi, Salijona

AU - Ghamizi, Salah

AU - Cordy, Maxime

AU - Le Traon, Yves

PY - 2022

Y1 - 2022

N2 - The generation of feasible adversarial examples is necessary for properly assessing models that work in constrained feature space. However, it remains a challenging task to enforce constraints into attacks that were designed for computer vision. We propose a unified framework to generate feasible adversarial examples that satisfy given domain constraints. Our framework can handle both linear and non-linear constraints. We instantiate our framework into two algorithms: a gradient-based attack that introduces constraints in the loss function to maximize, and a multi-objective search algorithm that aims for misclassification, perturbation minimization, and constraint satisfaction. We show that our approach is effective in four different domains, with a success rate of up to 100%, where state-of-the-art attacks fail to generate a single feasible example. In addition to adversarial retraining, we propose to introduce engineered non-convex constraints to improve model adversarial robustness. We demonstrate that this new defense is as effective as adversarial retraining. Our framework forms the starting point for research on constrained adversarial attacks and provides relevant baselines and datasets that future research can exploit.

AB - The generation of feasible adversarial examples is necessary for properly assessing models that work in constrained feature space. However, it remains a challenging task to enforce constraints into attacks that were designed for computer vision. We propose a unified framework to generate feasible adversarial examples that satisfy given domain constraints. Our framework can handle both linear and non-linear constraints. We instantiate our framework into two algorithms: a gradient-based attack that introduces constraints in the loss function to maximize, and a multi-objective search algorithm that aims for misclassification, perturbation minimization, and constraint satisfaction. We show that our approach is effective in four different domains, with a success rate of up to 100%, where state-of-the-art attacks fail to generate a single feasible example. In addition to adversarial retraining, we propose to introduce engineered non-convex constraints to improve model adversarial robustness. We demonstrate that this new defense is as effective as adversarial retraining. Our framework forms the starting point for research on constrained adversarial attacks and provides relevant baselines and datasets that future research can exploit.

UR - http://www.scopus.com/inward/record.url?scp=85137932601&partnerID=8YFLogxK

U2 - 10.24963/ijcai.2022/183

DO - 10.24963/ijcai.2022/183

M3 - Conference contribution

AN - SCOPUS:85137932601

T3 - IJCAI International Joint Conference on Artificial Intelligence

SP - 1313

EP - 1319

BT - Proceedings of the 31st International Joint Conference on Artificial Intelligence, IJCAI 2022

A2 - De Raedt, Luc

PB - International Joint Conferences on Artificial Intelligence

T2 - 31st International Joint Conference on Artificial Intelligence, IJCAI 2022

Y2 - 23 July 2022 through 29 July 2022

ER -

Simonetto T, Dyrmishi S, Ghamizi S, Cordy M, Le Traon Y. A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space. In De Raedt L, De Raedt L, editors, Proceedings of the 31st International Joint Conference on Artificial Intelligence, IJCAI 2022. International Joint Conferences on Artificial Intelligence. 2022. p. 1313-1319. (IJCAI International Joint Conference on Artificial Intelligence). doi: 10.24963/ijcai.2022/183

A Unified Framework for Adversarial Attack and Defense in Constrained Feature Space

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this