A game-theoretic approach to adversarial linear Gaussian classification

Abstract

We employ a game-theoretic model to analyze the interaction between an adversary and a classifier. There are two (i.e., positive and negative) classes to which data points can belong. The adversary wants to maximize the probability of miss-detection for the positive class (i.e., false negative probability) while it does not want to significantly modify the data point so that it still maintains favourable traits of the original class. The classifier, on the other hand, wants maximize the probability of correct detection for the positive class (i.e., true positive probability) subject to a lower-bound on the probability of correct detection for the negative class (i.e., true negative probability). For conditionally Gaussian data points (conditioned on the class) and linear support vector machine classifiers, we rewrite the optimization problems of the adversary and the classifier as convex problems and use best response dynamics to learn an equilibrium of the game. This results in computing a linear support vector machine classifier that is robust against adversarial input manipulations.