A Metric for Machine Learning Vulnerability to Adversarial Examples

Abstract

Recent studies in the field of Adversarial Machine Learning (AML) have primarily focused on techniques for poisoning and manipulating the Machine Learning (ML) systems for operations such as malware identification and image recognition. While the offensive perspective of such systems is increasingly well documented, the work approaching the problem from the defensive standpoint is sparse. In this paper, we define a metric for quantizing the vulnerability or susceptibility of a given ML model to adversarial manipulation using only properties inherent to the model under examination. This metric will be shown to have several useful properties related to known features of classifier-based ML systems and is intended as a tool to broadly compare the security of various competing ML models based on their maximum potential susceptibility to adversarial manipulation.