Countering adversarial evasion in regression analysis
Benfield, David
Vuong, Phan Tu
Zemkoho, Alain
Abstract
Adversarial machine learning challenges the assumption that the underlying distribution remains consistent throughout the training and implementation of a prediction model. In particular, adversarial evasion considers scenarios where adversaries adapt their data to influence particular outcomes from established prediction models. Such scenarios arise in applications such as spam email filtering, malware detection and fake-image generation, where security methods must be actively updated to keep up with the ever-improving generation of malicious data. Game-theoretic models have been shown to be effective at modelling these scenarios and hence at training resilient predictors against such adversaries. Recent advancements in the use of pessimistic bilevel optimisation, which remove assumptions about the convexity and uniqueness of the adversary's optimal strategy, have proved to be particularly effective at mitigating threats to classifiers due to its ability to capture the antagonistic nature of the adversary. However, this formulation has not yet been adapted to regression scenarios. This article proposes a pessimistic bilevel optimisation program for regression scenarios which makes no assumptions on the convexity or uniqueness of the adversary's solutions.
Text: 2509.22113v2 - Author's Original
More information
Accepted/In Press date: 26 September 2025
Keywords:
cs.LG
Identifiers
Local EPrints ID: 509657
URI: http://eprints.soton.ac.uk/id/eprint/509657
PURE UUID: 95558d00-a427-4692-a929-fe524a0a6772
Catalogue record
Date deposited: 27 Feb 2026 17:57
Last modified: 28 Feb 2026 02:59
Contributors
Author:
David Benfield