Countering adversarial evasion in regression analysis

Adversarial machine learning challenges the assumption that the underlying distribution remains consistent throughout the training and implementation of a prediction model. In particular, adversarial evasion considers scenarios where adversaries adapt their data to influence particular outcomes from established prediction models, such scenarios arise in applications such as spam email filtering, malware detection and fake-image generation, where security methods must be actively updated to keep up with the ever-improving generation of malicious data. Game theoretic models have been shown to be effective at modelling these scenarios and hence training resilient predictors against such adversaries. Recent advancements in the use of pessimistic bilevel optimsiation which remove assumptions about the convexity and uniqueness of the adversary's optimal strategy have proved to be particularly effective at mitigating threats to classifiers due to its ability to capture the antagonistic nature of the adversary. However, this formulation has not yet been adapted to regression scenarios. This article serves to propose a pessimistic bilevel optimisation program for regression scenarios which makes no assumptions on the convexity or uniqueness of the adversary's solutions.

Key Contributions

• Extends pessimistic bilevel optimization (Stackelberg leader-follower games) from classification to regression adversarial evasion scenarios
• Removes convexity and uniqueness assumptions on the adversary's optimal strategy, better capturing antagonistic behavior
• Introduces lower-level constraints on adversary movement to prevent unrealistic drastic data transformations

🛡️ Threat Analysis

Details

Similar Papers