A Unified Bilevel Model for Adversarial Learning and A Case Study
- URL: http://arxiv.org/abs/2510.25121v1
- Date: Wed, 29 Oct 2025 02:58:21 GMT
- Title: A Unified Bilevel Model for Adversarial Learning and A Case Study
- Authors: Yutong Zheng, Qingna Li
- Abstract summary: We propose a unified bilevel model for adversarial learning. We investigate the adversarial attack in clustering models and interpret it from a data point of view.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Adversarial learning has been attracting more and more attention thanks to the fast development of machine learning and artificial intelligence. However, due to the complicated structure of most machine learning models, the mechanism of adversarial attacks is not well interpreted. How to measure the effect of an attack is still not quite clear. In this paper, we propose a unified bilevel model for adversarial learning. We further investigate the adversarial attack in clustering models and interpret it from a data perturbation point of view. We reveal that when the data perturbation is relatively small, the clustering model is robust, whereas if it is relatively large, the clustering result changes, which leads to an attack. To measure the effect of attacks for clustering models, we analyse the well-definedness of the so-called $\delta$-measure, which can be used in the proposed bilevel model for adversarial learning of clustering models.
Related papers
- Exploiting Edge Features for Transferable Adversarial Attacks in Distributed Machine Learning [54.26807397329468]
This work explores a previously overlooked vulnerability in distributed deep learning systems. An adversary who intercepts the intermediate features transmitted between them can still pose a serious threat. We propose an exploitation strategy specifically designed for distributed settings.
arXiv Detail & Related papers (2025-07-09T20:09:00Z)
- A Robust Adversarial Ensemble with Causal (Feature Interaction) Interpretations for Image Classification [9.945272787814941]
We present a deep ensemble model that combines discriminative features with generative models to achieve both high accuracy and adversarial robustness. Our approach integrates a bottom-level pre-trained discriminative network for feature extraction with a top-level generative classification network that models adversarial input distributions.
arXiv Detail & Related papers (2024-12-28T05:06:20Z)
- Enhancing Adversarial Robustness through Multi-Objective Representation Learning [1.534667887016089]
Deep neural networks (DNNs) are vulnerable to small adversarial perturbations. We show that robust feature learning during training can significantly enhance robustness. We propose MOREL, a multi-objective approach that aligns natural and adversarial features.
arXiv Detail & Related papers (2024-10-02T16:05:03Z)
- Black-box Adversarial Transferability: An Empirical Study in Cybersecurity Perspective [0.0]
In adversarial machine learning, malicious users try to fool the deep learning model by inserting adversarial perturbation inputs into the model during its training or testing phase.
We empirically test the black-box adversarial transferability phenomena in cyber attack detection systems.
The results indicate that any deep learning model is highly susceptible to adversarial attacks, even if the attacker does not have access to the internal details of the target model.
arXiv Detail & Related papers (2024-04-15T06:56:28Z)
- OMG-ATTACK: Self-Supervised On-Manifold Generation of Transferable Evasion Attacks [17.584752814352502]
Evasion Attacks (EA) are used to test the robustness of trained neural networks by distorting input data.
We introduce a self-supervised, computationally economical method for generating adversarial examples.
Our experiments consistently demonstrate the method is effective across various models, unseen data categories, and even defended models.
arXiv Detail & Related papers (2023-10-05T17:34:47Z)
- On the Robustness of Deep Clustering Models: Adversarial Attacks and Defenses [14.951655356042947]
Clustering models constitute a class of unsupervised machine learning methods which are used in a number of application pipelines.
We propose a blackbox attack using Generative Adversarial Networks (GANs) where the adversary does not know which deep clustering model is being used.
We analyze our attack against multiple state-of-the-art deep clustering models and real-world datasets, and find that it is highly successful.
arXiv Detail & Related papers (2022-10-04T22:32:02Z)
- Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks.
We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z)
- Correlation inference attacks against machine learning models [6.805105137455252]
We explore correlation inference attacks, whether and when a model leaks information about the correlations between its input variables.
Our results raise fundamental questions on what a model does and should remember from its training set.
arXiv Detail & Related papers (2021-12-16T11:42:45Z)
- Learning to Learn Transferable Attack [77.67399621530052]
Transfer adversarial attack is a non-trivial black-box adversarial attack that aims to craft adversarial perturbations on the surrogate model and then apply such perturbations to the victim model.
We propose a Learning to Learn Transferable Attack (LLTA) method, which makes the adversarial perturbations more generalized via learning from both data and model augmentation.
Empirical results on the widely-used dataset demonstrate the effectiveness of our attack method with a 12.85% higher success rate of transfer attack compared with the state-of-the-art methods.
arXiv Detail & Related papers (2021-12-10T07:24:21Z)
- Explainable Adversarial Attacks in Deep Neural Networks Using Activation Profiles [69.9674326582747]
This paper presents a visual framework to investigate neural network models subjected to adversarial examples.
We show how observing these elements can quickly pinpoint exploited areas in a model.
arXiv Detail & Related papers (2021-03-18T13:04:21Z)
- ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models [64.03398193325572]
Inference attacks against Machine Learning (ML) models allow adversaries to learn about training data, model parameters, etc.
We concentrate on four attacks - namely, membership inference, model inversion, attribute inference, and model stealing.
Our analysis relies on a modular re-usable software, ML-Doctor, which enables ML model owners to assess the risks of deploying their models.
arXiv Detail & Related papers (2021-02-04T11:35:13Z)
- Firearm Detection via Convolutional Neural Networks: Comparing a Semantic Segmentation Model Against End-to-End Solutions [68.8204255655161]
Threat detection of weapons and aggressive behavior from live video can be used for rapid detection and prevention of potentially deadly incidents.
One way for achieving this is through the use of artificial intelligence and, in particular, machine learning for image analysis.
We compare a traditional monolithic end-to-end deep learning model and a previously proposed model based on an ensemble of simpler neural networks detecting fire-weapons via semantic segmentation.
arXiv Detail & Related papers (2020-12-17T15:19:29Z)