P. García Arce, R. Naveiro Flores, D. Ríos Insua
Machine learning systems are increasingly exposed to adversarial attacks. While much of the research in adversarial machine learning has focused on studying the weaknesses against evasion attacks against classification models in classical setups, the susceptibility of Bayesian regression models to attacks remains underexplored. This paper introduces a general methodology for designing optimal evasion attacks against such models. We investigate two adversarial objectives: perturbing specific point predictions and altering the entire posterior predictive distribution. For both scenarios, we propose gradient-based attacks that are applicable even when the posterior predictive distribution lacks a closed-form solution and is accessible only through Markov Chain Monte Carlo sampling.
Palabras clave: Adversarial Machine Learning, Bayesian Neural Networks
Programado
Interdisciplinary applications of Bayesian methods
10 de junio de 2025 15:30
Sala de prensa (MR 13)