NeurIPS 2020
### A Game Theoretic Analysis of Additive Adversarial Attacks and Defenses

### Meta Review

The paper provides a game-theoretic analysis of additive attacks in the "No-Box" setting. Its most significant result is the proof that the FGM attack and randomized smoothing form a Nash equilibrium under the assumption of local linearity of the decision boundary. The paper's main contribution is theoretical; its empirical evaluation is performed on the MNIST dataset for a limited number of classes. Also, the validity of some theoretical assumptions is not convincingly presented in the paper.
The authors should also clarify the relationship of their work to prior game-theoretic approaches to adversarial learning, e.g.:

- Brückner, M., Kanzow, C. and Scheffer, T., 2012. Static prediction games for adversarial learning problems. The Journal of Machine Learning Research, 13(1), pp.2617-2654.
- Brückner, M. and Scheffer, T., 2011, August. Stackelberg games for adversarial prediction problems. In Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining (pp. 547-555).