混合分类器的对抗攻击

Jul, 2023

Adversarial attacks for mixtures of classifiers

Lucas Gnecco Heredia, Benjamin Negrevergne, Yann Chevaleyre

TL;DR对混合分类器的攻击进行了几何分析，介绍了两个理想的攻击属性（有效性和最大性），并证明了现有的攻击方法不满足这两个属性。最后，介绍了一种具有理论保证的新攻击方法称为格攀攻击，并通过对合成和真实数据集的实验展示了其性能。

Abstract

mixtures of classifiers (a.k.a. randomized ensembles) have been proposed as a way to improve robustness against adversarial attacks. However, it has been shown that existing attacks are not well suited for this k