Accepted Papers

Attackability Characterization of Adversarial Evasion Attack on Discrete Data

Yutong Wang: King Abdullah University of Science and Technology; Yufei Han: NortonLifelock Research Group; Hongyan Bao: King Abdullah University of Science and Technology; Yun Shen: NortonLifelock Research Group; Fenglong Ma: Penn State University; Jin Li: Guangzhou Univeristy; Xiangliang Zhang: King Abdullah University of Science and Technology


Evasion attack on discrete data is a challenging, while practically interesting research topic. It is intrinsically an NP-hard combinatorial optimization problem. Characterizing the conditions guaranteeing the solvability of an evasion attack task thus becomes the key to understand the adversarial threat. Our study is inspired by the weak submodularity theory. We characterize the attackability of a targeted classifier on discrete data in evasion attack by bridging the attackability measurement and the regularity of the targeted classifier. Based on our attackability analysis, we propose a computationally efficient orthogonal matching pursuit-guided attack method for evasion attack on discrete data. It provides provably computational efficiency and attack performances. Substantial experimental results on real-world datasets validate the proposed attackability conditions and the effectiveness of the proposed attack method.

How can we assist you?

We'll be updating the website as information becomes available. If you have a question that requires immediate attention, please feel free to contact us. Thank you!

Please enter the word you see in the image below: