2025-09-16
Game theoretic mixed experts for combinational adversarial machine learning
Publication
IEEE Access, Volume 13, pp. 158887-158905
Recent advances in adversarial machine learning have shown that defenses previously considered robust are actually susceptible to adversarial attacks which are specifically customized to target their weaknesses. However, whether the adversarial examples generated by customized attacks are effective on other defenses is an open question. In this work we seek to explore three important security questions: First, do different defense strategies exhibit the same low transferability properties as different model architectures and, if so, how can this low transferability be utilized to improve robustness? Second, how can a white-box adversary design attacks to specifically thwart multi-defense based setups? Last, how can game theoretic analysis further improve the robustness against an adversary capable of implementing multiple state-of-the-art attacks? To this end we provide multiple contributions, including the first transferability study between multiple defense strategies, three new attack algorithms designed to break random transform and ensemble defenses, and two game theoretic frameworks for analyzing and optimizing robustness over a combination of adversarial attacks and defenses. Empirically, we show our framework is 18% more robust on CIFAR-10 and is 27% more robust on Tiny-ImageNet than the best single state-of-the-art defense that we analyze.
| Additional Metadata | |
|---|---|
| DOI | doi.org/10.1109/ACCESS.2025.3608117 |
| Journal | IEEE Access |
| Organisation | Centrum Wiskunde & Informatica, Amsterdam (CWI), The Netherlands |
| Citation | Mahmood, K., Rathbun, E., Sahu, R., van Dijk, M., Ahmad, S., & Ding, C. (2025). Game theoretic mixed experts for combinational adversarial machine learning. IEEE Access, 13, 158887–158905. doi:10.1109/ACCESS.2025.3608117 |