MultiGuard: Provably Robust Multi-label Classification against Adversarial Examples

AI-generated keywords: Multi-label Classification, Adversarial Examples, Robustness Guarantees, Randomized Smoothing, MultiGuard

AI-generated Key Points

  • Multi-label classification is susceptible to adversarial examples
  • MultiGuard is the first provably robust defense against adversarial examples in multi-label classification
  • MultiGuard uses randomized smoothing, adding isotropic Gaussian noise to the input
  • The main theoretical contribution of MultiGuard is demonstrating that a certain number of ground truth labels are guaranteed to be included in the predicted labels when the $\ell_2$-norm of the adversarial perturbation is bounded
  • An algorithm is designed to compute provable robustness guarantees
  • MultiGuard is evaluated empirically on benchmark datasets such as VOC 2007, MS-COCO, and NUS-WIDE
  • Results demonstrate the effectiveness of MultiGuard in defending against adversarial attacks in multi-label classification tasks

Authors: Jinyuan Jia, Wenjie Qu, Neil Zhenqiang Gong

Accepted by NeurIPS 2022
License: CC BY 4.0

Abstract: Multi-label classification, which predicts a set of labels for an input, has many applications. However, multiple recent studies showed that multi-label classification is vulnerable to adversarial examples. In particular, an attacker can manipulate the labels predicted by a multi-label classifier for an input via adding carefully crafted, human-imperceptible perturbation to it. Existing provable defenses for multi-class classification achieve sub-optimal provable robustness guarantees when generalized to multi-label classification. In this work, we propose MultiGuard, the first provably robust defense against adversarial examples to multi-label classification. Our MultiGuard leverages randomized smoothing, which is the state-of-the-art technique to build provably robust classifiers. Specifically, given an arbitrary multi-label classifier, our MultiGuard builds a smoothed multi-label classifier via adding random noise to the input. We consider isotropic Gaussian noise in this work. Our major theoretical contribution is that we show a certain number of ground truth labels of an input are provably in the set of labels predicted by our MultiGuard when the $\ell_2$-norm of the adversarial perturbation added to the input is bounded. Moreover, we design an algorithm to compute our provable robustness guarantees. Empirically, we evaluate our MultiGuard on VOC 2007, MS-COCO, and NUS-WIDE benchmark datasets. Our code is available at: https://github.com/quwenjie/MultiGuard

Submitted to arXiv on 03 Oct. 2022

Results of the summarizing process for the arXiv paper: 2210.01111v1

Multi-label classification has various applications but is susceptible to adversarial examples. To address this issue, we propose MultiGuard, the first provably robust defense against adversarial examples in multi-label classification. MultiGuard leverages randomized smoothing and adds isotropic Gaussian noise to the input. Our main theoretical contribution is demonstrating that when the $\ell_2$-norm of the adversarial perturbation added to the input is bounded, a certain number of ground truth labels are guaranteed to be included in the set of labels predicted by MultiGuard. Additionally, we design an algorithm to compute these provable robustness guarantees and empirically evaluate MultiGuard on benchmark datasets such as VOC 2007, MS-COCO and NUS-WIDE. Our results demonstrate its effectiveness in defending against adversarial attacks in multi-label classification tasks. For more details and access to our code implementation, please refer to our GitHub repository: [https://github.com/quwenjie/MultiGuard](https://github.com/quwenjie/MultiGuard).
Created on 23 Aug. 2023
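
The smoothing step described in the abstract, as an added sketch that is not the authors' code: Gaussian noise is added to the input many times, and the smoothed classifier keeps the labels the base classifier outputs most often. The toy base classifier, its brittle region, the sample input and the parameters `k_prime`, `k`, `sigma` and `n_samples` are all assumptions of this example, and the paper's certified bound is not reproduced; the code only counts empirically how many ground truth labels survive a perturbation of bounded $\ell_2$-norm.

```python
import math
import random

def base_classifier(x, k_prime=2):
    """Constructed toy base classifier: returns the k' highest-scoring labels,
    except in a narrow brittle region (an assumption of this example)."""
    if 0.25 < x[2] < 0.35:
        return {2, 3}  # wrong labels, reachable with a small perturbation
    ranked = sorted(range(len(x)), key=lambda i: x[i], reverse=True)
    return set(ranked[:k_prime])

def label_frequencies(x, sigma, n_samples, rng):
    """Monte Carlo estimate of how often each label appears in the base
    classifier's output when noise N(0, sigma^2 I) is added to x."""
    counts = [0] * len(x)
    for _ in range(n_samples):
        noisy = [v + rng.gauss(0.0, sigma) for v in x]
        for label in base_classifier(noisy):
            counts[label] += 1
    return [c / n_samples for c in counts]

def smoothed_predict(x, sigma=0.5, k=2, n_samples=2000, seed=0):
    """Smoothed classifier: the k labels with the highest estimated frequency."""
    freqs = label_frequencies(x, sigma, n_samples, random.Random(seed))
    ranked = sorted(range(len(x)), key=lambda i: freqs[i], reverse=True)
    return set(ranked[:k])

def l2_norm(delta):
    return math.sqrt(sum(d * d for d in delta))

# Constructed sample: five label scores, ground truth labels {0, 1}.
GROUND_TRUTH = {0, 1}
X_CLEAN = [3.0, 2.5, 0.0, -0.5, -1.0]
DELTA = [0.0, 0.0, 0.3, 0.0, 0.0]  # perturbation with l2-norm 0.3
X_PERTURBED = [a + b for a, b in zip(X_CLEAN, DELTA)]

def retained(predicted):
    """Number of ground truth labels present in a predicted label set."""
    return len(predicted & GROUND_TRUTH)

if __name__ == "__main__":
    print("l2-norm of perturbation:", l2_norm(DELTA))
    print("base, clean:       ", base_classifier(X_CLEAN))
    print("base, perturbed:   ", base_classifier(X_PERTURBED))
    print("smoothed, perturbed:", smoothed_predict(X_PERTURBED))
```

On this constructed input the base classifier loses both ground truth labels under the perturbation, while the smoothed classifier keeps both because only a small fraction of the noisy samples land in the brittle region.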
