Countering adversarial evasion in regression analysis

• URL: http://arxiv.org/abs/2509.22113v1
• Date: Fri, 26 Sep 2025 09:35:26 GMT
• Title: Countering adversarial evasion in regression analysis
• Authors: David Benfield, Phan Tu Vuong, Alain Zemkoho,
• Abstract summary: Adversarial evasion considers scenarios where adversaries adapt their data to influence particular outcomes from established prediction models.<n>This article serves to propose a pessimistic bilevel optimisation program for regression scenarios.
• Score: 0.7136933021609079
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Adversarial machine learning challenges the assumption that the underlying distribution remains consistent throughout the training and implementation of a prediction model. In particular, adversarial evasion considers scenarios where adversaries adapt their data to influence particular outcomes from established prediction models, such scenarios arise in applications such as spam email filtering, malware detection and fake-image generation, where security methods must be actively updated to keep up with the ever-improving generation of malicious data. Game theoretic models have been shown to be effective at modelling these scenarios and hence training resilient predictors against such adversaries. Recent advancements in the use of pessimistic bilevel optimsiation which remove assumptions about the convexity and uniqueness of the adversary's optimal strategy have proved to be particularly effective at mitigating threats to classifiers due to its ability to capture the antagonistic nature of the adversary. However, this formulation has not yet been adapted to regression scenarios. This article serves to propose a pessimistic bilevel optimisation program for regression scenarios which makes no assumptions on the convexity or uniqueness of the adversary's solutions.

Related papers

• Adversarial training with restricted data manipulation [2.3507462809293953]
  Pessimistic Bilevel optimisation has been shown to be an effective method of training resilient classifiers against adversaries.<n>We present a constrained pessimistic bilevel optimisation model.<n>We demonstrate through experiments that this model performs, on average, better than the existing approach.
  arXiv  Detail & Related papers  (2025-09-26T09:17:57Z)
• Towards Unveiling Predictive Uncertainty Vulnerabilities in the Context of the Right to Be Forgotten [16.03102654663785]
  We propose a new class of malicious unlearning attacks against predictive uncertainties.<n>Our experiments show that our attacks are more effective in manipulating predictive uncertainties than traditional attacks.
  arXiv  Detail & Related papers  (2025-08-10T19:08:18Z)
• Preliminary Investigation into Uncertainty-Aware Attack Stage Classification [81.28215542218724]
  This work addresses the problem of attack stage inference under uncertainty.<n>We propose a classification approach based on Evidential Deep Learning (EDL), which models predictive uncertainty by outputting parameters of a Dirichlet distribution over possible stages.<n>Preliminary experiments in a simulated environment demonstrate that the proposed model can accurately infer the stage of an attack with confidence.
  arXiv  Detail & Related papers  (2025-08-01T06:58:00Z)
• Exploiting Edge Features for Transferable Adversarial Attacks in Distributed Machine Learning [54.26807397329468]
  This work explores a previously overlooked vulnerability in distributed deep learning systems.<n>An adversary who intercepts the intermediate features transmitted between them can still pose a serious threat.<n>We propose an exploitation strategy specifically designed for distributed settings.
  arXiv  Detail & Related papers  (2025-07-09T20:09:00Z)
• Robust Optimization with Diffusion Models for Green Security [49.68562792424776]
  In green security, defenders must forecast adversarial behavior, such as poaching, illegal logging, and illegal fishing, to plan effective patrols.<n>We propose a conditional diffusion model for adversary behavior modeling, leveraging its strong distribution-fitting capabilities.<n>We introduce a mixed strategy of mixed strategies and employ a twisted Sequential Monte Carlo (SMC) sampler for accurate sampling.
  arXiv  Detail & Related papers  (2025-02-19T05:30:46Z)
• Classification under strategic adversary manipulation using pessimistic bilevel optimisation [2.6505619784178047]
  Adversarial machine learning concerns situations in which learners face attacks from active adversaries. Such scenarios arise in applications such as spam email filtering, malware detection and fake-image generation. We model these interactions between the learner and the adversary as a game and formulate the problem as a pessimistic bilevel optimisation problem.
  arXiv  Detail & Related papers  (2024-10-26T22:27:21Z)
• MirrorCheck: Efficient Adversarial Defense for Vision-Language Models [55.73581212134293]
  We propose a novel, yet elegantly simple approach for detecting adversarial samples in Vision-Language Models. Our method leverages Text-to-Image (T2I) models to generate images based on captions produced by target VLMs. Empirical evaluations conducted on different datasets validate the efficacy of our approach.
  arXiv  Detail & Related papers  (2024-06-13T15:55:04Z)
• Certified Human Trajectory Prediction [66.1736456453465]
  We propose a certification approach tailored for trajectory prediction that provides guaranteed robustness.<n>To mitigate the inherent performance drop through certification, we propose a diffusion-based trajectory denoiser and integrate it into our method.<n>We demonstrate the accuracy and robustness of the certified predictors and highlight their advantages over the non-certified ones.
  arXiv  Detail & Related papers  (2024-03-20T17:41:35Z)
• Conformalized Selective Regression [2.3964255330849356]
  We propose a novel approach to selective regression by leveraging conformal prediction. We show how our proposed approach, conformalized selective regression, demonstrates an advantage over multiple state-of-the-art baselines.
  arXiv  Detail & Related papers  (2024-02-26T04:43:50Z)
• Mutual-modality Adversarial Attack with Semantic Perturbation [81.66172089175346]
  We propose a novel approach that generates adversarial attacks in a mutual-modality optimization scheme. Our approach outperforms state-of-the-art attack methods and can be readily deployed as a plug-and-play solution.
  arXiv  Detail & Related papers  (2023-12-20T05:06:01Z)
• Adversarial Attacks Against Uncertainty Quantification [10.655660123083607]
  This work focuses on a different adversarial scenario in which the attacker is still interested in manipulating the uncertainty estimate. In particular, the goal is to undermine the use of machine-learning models when their outputs are consumed by a downstream module or by a human operator.
  arXiv  Detail & Related papers  (2023-09-19T12:54:09Z)
• Trust but Verify: Assigning Prediction Credibility by Counterfactual Constrained Learning [123.3472310767721]
  Prediction credibility measures are fundamental in statistics and machine learning. These measures should account for the wide variety of models used in practice. The framework developed in this work expresses the credibility as a risk-fit trade-off.
  arXiv  Detail & Related papers  (2020-11-24T19:52:38Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.