Samenvatting
The recent years have been marked by extended research on adversarial attacks, especially on deep neural networks. With this work we intend on posing and investigating the question of whether the phenomenon might be more general in nature, that is, adversarial-style attacks outside classical classification tasks. Specifically, we investigate optimization problems as they constitute a fundamental part of modern AI research. To this end, we consider the base class of optimizers namely Linear Programs (LPs). On our initial attempt of a naïve mapping between the formalism of adversarial examples and LPs, we quickly identify the key ingredients missing for making sense of a reasonable notion of adversarial examples for LPs. Intriguingly, the formalism of Pearl’s notion to causality allows for the right description of adversarial like examples for LPs. Characteristically, we show the direct influence of the Structural Causal Model (SCM) onto the subsequent LP optimization, which ultimately exposes a notion of confounding in LPs (inherited by said SCM) that allows for adversarial-style attacks. We provide both the general proof formally alongside existential proofs of such intriguing LP-parameterizations based on SCM for three combinatorial problems, namely Linear Assignment, Shortest Path and a real world problem of energy systems.
Originele taal-2 | Engels |
---|---|
Pagina's (van-tot) | 1329-1349 |
Aantal pagina's | 21 |
Tijdschrift | Machine Learning |
Volume | 113 |
Nummer van het tijdschrift | 3 |
DOI's | |
Status | Gepubliceerd - mrt. 2024 |
Financiering
Open Access funding enabled and organized by Projekt DEAL. This work was supported by the ICT-48 Network of AI Research Excellence Center “TAILOR” (EU Horizon 2020, GA No 952215), the Nexplore Collaboration Lab “AI in Construction” (AICO) and by the Federal Ministry of Education and Research (BMBF; project “PlexPlain”, FKZ 01IS19081). It benefited from the Hessian research priority programme LOEWE within the project WhiteBox and the HMWK cluster project “The Third Wave of AI” (3AI). The authors thank Jonas Hülsmann and Florian Steinke for providing the LP model for the energy system example.
Financiers | Financiernummer |
---|---|
Bundesministerium für Bildung und Forschung | FKZ 01IS19081 |
Technische Universitat Darmstadt |