Toward Trustworthy AI: Multi-Target Adversarial Attacks and Robust Defenses for Continuous Data Summarization
Quick Answer
This paper investigates adversarial attacks on continuous data summarization using DR-submodular optimization, revealing that perturbations can significantly degrade the performance of downstream learning tasks.
Quick Take
This paper investigates adversarial attacks on continuous data summarization using DR-submodular optimization, revealing that perturbations can significantly degrade the performance of downstream learning tasks. The authors propose a min-max problem formulation for multi-target attacks and a robust defense strategy, demonstrating effective results on real data and controlled benchmarks.
Key Points
- Adversarial perturbations can compromise the integrity of data summarization processes.
- Multi-target attacks are formulated as a min-max optimization problem.
- Robust defense strategies improve the trade-off between robustness and mitigation.
- Experiments show significant performance loss in downstream tasks under attack.
- The proposed methods reveal parameter sensitivity in real data scenarios.
Article Content
From source RSS / original summary: arXiv:2606.11804v1 (Announce Type: new)
Abstract: Trustworthy AI requires reliable data-processing pipelines, not only robust downstream predictive models. As an upstream component, data summarization determines which information is retained and passed to subsequent learning or decision modules.
Therefore, adversarial perturbations to the summarization process can compromise trustworthy AI in an upstream manner: they may alter the selected summary, reduce its representativeness, and further degrade the utility of subsequent learning tasks. In this paper, we study adversarial attacks on continuous data summarization under similarity-level perturbations through DR-submodular optimization.
We show that a class of multi-resolution image summarization objectives can be formulated as multilinear extensions of non-negative submodular set functions and satisfy DR-submodularity with $m$-weak monotonicity. We then formulate multi-target attack generation as a min-max problem, where one admissible perturbation of the similarity structure is optimized to degrade multiple target summarization models.
To mitigate such perturbations, we formulate robust defense against mixed attack types as a regularized max-min problem. For both problems, we develop approximation algorithms with theoretical guarantees. Experiments on real-data and controlled clustered benchmarks show that the proposed attack is effective in representative low-to-moderate budget regimes and can induce downstream task-performance loss.
The proposed defense improves the robustness-mitigation trade-off in structured settings, while also revealing the parameter sensitivity of robust protection on real data.
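The objects the abstract names, a non-negative submodular summarization objective, its multilinear extension, the DR-submodularity (diminishing returns) property, and the effect of a similarity-level perturbation on the selected summary, worked on a toy instance. This is an added example for this page, not code from the paper: the facility-location objective stands in for the paper's multi-resolution image objective, the 4x4 similarity matrix and the perturbation are constructed, and the paper's m-weak monotonicity, min-max attack algorithm and regularized max-min defense are not reproduced. The last function is the defender-side measurement the abstract's experiments rely on: pick a summary on perturbed similarities, score it on the true ones, and report the lost representativeness against the perturbation budget.

```python
import itertools
from typing import Callable, List, Sequence

# Constructed toy similarity matrix over 4 items (symmetric, values in [0, 1]).
# Items 0/1 and 2/3 form two loose clusters.
SIM = [
    [1.0, 0.8, 0.2, 0.1],
    [0.8, 1.0, 0.3, 0.2],
    [0.2, 0.3, 1.0, 0.7],
    [0.1, 0.2, 0.7, 1.0],
]

# Constructed similarity-level perturbation: item 0 is made to look very similar
# to items 2 and 3, so a summary built on these similarities over-trusts item 0.
SIM_PERTURBED = [row[:] for row in SIM]
for a, b in [(0, 2), (2, 0), (0, 3), (3, 0)]:
    SIM_PERTURBED[a][b] = 0.9


def facility_location(sim: Sequence[Sequence[float]], S: Sequence[int]) -> float:
    """Non-negative monotone submodular objective (assumption: stands in for the
    paper's objective): each item is credited with its similarity to the most
    similar selected item."""
    if not S:
        return 0.0
    return sum(max(sim[i][j] for j in S) for i in range(len(sim)))


def multilinear_extension(f: Callable[[List[int]], float], x: Sequence[float]) -> float:
    """F(x) = E[f(S)], each element j included independently with probability x[j].
    Exact enumeration over all 2^n subsets; fine for a toy ground set."""
    total = 0.0
    for bits in itertools.product((0, 1), repeat=len(x)):
        prob = 1.0
        for j, bit in enumerate(bits):
            prob *= x[j] if bit else 1.0 - x[j]
        if prob == 0.0:
            continue
        total += prob * f([j for j, bit in enumerate(bits) if bit])
    return total


def make_F(sim):
    """Continuous relaxation of the summarization objective on `sim`."""
    return lambda x: multilinear_extension(lambda S: facility_location(sim, S), x)


def marginal_gain(F, x, j, delta):
    y = list(x)
    y[j] = min(1.0, y[j] + delta)
    return F(y) - F(x)


def check_dr_submodular(F, x, y, delta=0.1, tol=1e-9):
    """Numerical check at a pair x <= y: diminishing returns (raising any coordinate
    gains no more at y than at x) and monotonicity (every gain is non-negative)."""
    if not all(a <= b for a, b in zip(x, y)):
        raise ValueError("need x <= y coordinate-wise")
    gains_x = [marginal_gain(F, x, j, delta) for j in range(len(x))]
    gains_y = [marginal_gain(F, y, j, delta) for j in range(len(y))]
    dr_ok = all(gx >= gy - tol for gx, gy in zip(gains_x, gains_y))
    mono_ok = all(g >= -tol for g in gains_x + gains_y)
    return dr_ok, mono_ok


def greedy_summary(sim, k):
    """Standard greedy selection of k items on the discrete objective."""
    S = []
    for _ in range(k):
        best_j, best_gain = None, -1.0
        for j in range(len(sim)):
            if j in S:
                continue
            gain = facility_location(sim, S + [j]) - facility_location(sim, S)
            if gain > best_gain:
                best_j, best_gain = j, gain
        S.append(best_j)
    return S


def perturbation_budget(sim, sim_pert):
    """L1 size of the similarity perturbation (the budget in the abstract's sense)."""
    return sum(abs(a - b) for ra, rb in zip(sim, sim_pert) for a, b in zip(ra, rb))


def representativeness_loss(sim_clean, sim_pert, k):
    """Clean-objective value lost when the summary is chosen on perturbed
    similarities but judged on the true ones."""
    clean_S = greedy_summary(sim_clean, k)
    pert_S = greedy_summary(sim_pert, k)
    return facility_location(sim_clean, clean_S) - facility_location(sim_clean, pert_S)


if __name__ == "__main__":
    F = make_F(SIM)
    print("DR / monotone:", check_dr_submodular(F, [0.2, 0.1, 0.3, 0.0], [0.5, 0.4, 0.6, 0.3]))
    print("clean summary:", greedy_summary(SIM, 2), "perturbed:", greedy_summary(SIM_PERTURBED, 2))
    print("budget:", perturbation_budget(SIM, SIM_PERTURBED), "loss:", representativeness_loss(SIM, SIM_PERTURBED, 2))
```

On this instance the clean greedy summary takes one item from each cluster (value 3.5), while the summary chosen on the perturbed similarities takes both items of the first cluster and scores only 2.5 on the true similarities, so a perturbation of L1 size 3.0 costs 1.0 of representativeness; sweeping the budget in this way is how a defender can map the low-to-moderate budget regime the abstract refers to on their own data.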
