Timezone: »

Adversarial Robustness for Tabular Data through Cost and Utility Awareness
Klim Kireev · Bogdan Kulynych · Carmela Troncoso

Many machine learning applications (credit scoring, fraud detection, etc.) use data in the tabular domains. Adversarial examples can be especially damaging for these applications. Yet, existing works on adversarial robustness mainly focus on machine-learning models in the image and text domains. We argue that due to the differences between tabular data and images or text, existing threat models are inappropriate for tabular domains. These models do not capture that cost can be more important than imperceptibility, nor that the adversary could ascribe different value to the utility obtained from deploying different adversarial examples. We show that due to these differences the attack and defence methods used for images and text cannot be directly applied to the tabular setup. We address these issues by proposing new cost and utility-aware threat models tailored to capabilities and constraints of attackers targeting tabular domains. We show that our approach is effective on two tabular datasets corresponding to applications for which adversarial examples can have economic and social implications.

Author Information

Klim Kireev (Swiss Federal Institute of Technology Lausanne)
Bogdan Kulynych (EPFL SPRING Lab)

PhD candidate in Computer Science at EPFL, Fellow at Harvard SEAS. B.Sc. from Kyiv Mohyla Academy in Ukraine. Formerly an intern at Google, CERN. I study privacy, security, reliability, and broader societal harms of algorithmic systems.

Carmela Troncoso (EPFL)

More from the Same Authors