This paper tackles the problem of adversarial examples from a game theoretic
point of view. We study the open question of the existence of mixed Nash
equilibria in the zero-sum game formed by the attacker and the classifier.
While previous works usually allow only one player to use randomized
strategies, we show the necessity of considering randomization for both the
classifier and the attacker. We demonstrate that this game has no duality gap,
meaning that it always admits approximate Nash equilibria. We also provide the
first optimization algorithms to learn a mixture of classifiers that
approximately realizes the value of this game, emph{i.e.} procedures to build
an optimally robust randomized classifier.

Go to Source of this post
Author Of this post: <a href="">Laurent Meunier</a>, <a href="">Meyer Scetbon</a>, <a href="">Rafael Pinot</a>, <a href="">Jamal Atif</a>, <a href="">Yann Chevaleyre</a>

By admin