Adversarial deep learning, the training of DNNs that are robust against adversarial attacks, is one of the major research focuses of deep learning. Game theory has been used to answer some of its basic questions, such as whether a classifier with optimal robustness exists and whether optimal adversarial samples exist for a given class of classifiers. Most previous work formulated adversarial deep learning as a simultaneous game and assumed that the strategy spaces are certain probability distributions so that a Nash equilibrium exists; this assumption does not hold in the practical situation. In this paper, we answer these basic questions for the practical case in which the classifiers are DNNs with a given structure, by formulating adversarial deep learning as a sequential game. The existence of Stackelberg equilibria for these games is proved. Furthermore, it is shown that the equilibrium DNN has the largest adversarial accuracy among all DNNs with the same structure when Carlini-Wagner's margin loss is used. The trade-off between robustness and accuracy in adversarial deep learning is also studied from a game-theoretic perspective.
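To make the sequential-game formulation concrete, the following is an added toy example, not code from the paper. The leader (defender) commits to a classifier drawn from a fixed structure; the follower (attacker) then observes it and plays its best response, a worst-case perturbation inside an L-infinity budget, for every sample. The payoff is a Carlini-Wagner style margin, and a sample counts as adversarially correct only if its worst-case margin stays positive. The leader then selects, by backward induction, the candidate with the highest adversarial accuracy. The dataset, the budget `EPS`, and the candidate set are constructed here; a 2-D linear classifier stands in for the DNN only so that the follower's best response has a closed form, so this illustrates the game structure and the robustness-accuracy trade-off, not the paper's existence proofs.

```python
"""
Toy Stackelberg formulation of adversarial learning (added illustration, not the paper's code).

Leader  : a classifier of fixed structure, here a 2-D linear classifier f(x) = w.x + b.
Follower: an attacker who, after seeing (w, b), picks the worst-case perturbation delta
          with ||delta||_inf <= EPS for every sample.
Payoff  : Carlini-Wagner style margin m = y * f(x) for binary labels y in {-1, +1};
          a sample is adversarially correct iff its worst-case margin is still > 0.
"""

EPS = 0.5  # assumed L-infinity attack budget (constructed for this example)

# Constructed dataset of (x1, x2, y); not data from the paper.
DATA = [
    (2.0, 0.0, +1), (3.0, -1.0, +1), (0.7, 0.2, +1), (-0.2, 1.1, +1),
    (-2.0, 0.0, -1), (-3.0, 1.0, -1), (-0.7, -0.2, -1), (0.2, -1.1, -1),
]

# Candidate leaders that share the same structure (linear, two features). Hypothetical names.
CANDIDATES = {
    "x1_only": ((1.0, 0.0), 0.0),
    "x1_plus_x2": ((1.0, 1.0), 0.0),
}


def sign(v):
    return 1.0 if v > 0 else (-1.0 if v < 0 else 0.0)


def margin(w, b, x, y):
    """Carlini-Wagner style margin for a binary linear classifier: y * (w.x + b)."""
    return y * (sum(wi * xi for wi, xi in zip(w, x)) + b)


def follower_best_response(w, y, eps):
    """Attacker's best response for a linear leader (closed form).

    Pushing each coordinate by eps against the sign of y * w_i minimises the margin,
    lowering it by exactly eps * ||w||_1.
    """
    return tuple(-y * eps * sign(wi) for wi in w)


def worst_case_margin(w, b, x, y, eps):
    delta = follower_best_response(w, y, eps)
    x_adv = tuple(xi + di for xi, di in zip(x, delta))
    return margin(w, b, x_adv, y)


def clean_accuracy(w, b, data):
    return sum(margin(w, b, (x1, x2), y) > 0 for x1, x2, y in data) / len(data)


def adversarial_accuracy(w, b, data, eps):
    return sum(worst_case_margin(w, b, (x1, x2), y, eps) > 0 for x1, x2, y in data) / len(data)


def stackelberg_leader(candidates, data, eps):
    """Backward induction: score every candidate against the follower's best response
    and keep the one with the highest adversarial accuracy."""
    scored = {name: adversarial_accuracy(w, b, data, eps) for name, (w, b) in candidates.items()}
    return max(scored, key=scored.get), scored


if __name__ == "__main__":
    for name, (w, b) in CANDIDATES.items():
        print(name, "clean:", clean_accuracy(w, b, DATA),
              "adversarial:", adversarial_accuracy(w, b, DATA, EPS))
    best, _ = stackelberg_leader(CANDIDATES, DATA, EPS)
    print("Stackelberg leader choice:", best)
```

On this constructed data the candidate that uses both features is the clean-accuracy optimum, yet its larger L1 norm lets the follower erode more of its margin, so the leader that anticipates the best response prefers the other candidate: that is the robustness-accuracy trade-off in miniature. For a DNN leader the follower's best response is no longer closed form and is approximated by an attack such as PGD, which is exactly why the existence questions the paper addresses are nontrivial.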