On a class of adversarial classification problems which admit a continuous solution
Guillaume Carlier, Maxime Sylvestre
TL;DR
We formulate robust binary classification under adversarial perturbations as a zero-sum game between a classifier with loss functions $l_i$ and an adversary incurring transport costs $c_i$. The paper proves the existence of a game value and a continuous (even Lipschitz) optimal classifier under mild regularity, using convex duality and Kantorovich-type arguments. It also develops a softmax regularization that links to entropic optimal transport, establishes $\,\,\\Gamma$-convergence to the original problem, and provides numerical demonstrations on a one-dimensional torus illustrating how the regularization parameter $\,\\\varepsilon$ and transport costs shape both the classifier and the adversarial strategy. These results offer a principled, computable framework for robust adversarial classification with transport-based perturbations and connect to modern OT techniques for scalable optimization.
Abstract
We consider a class of adversarial classification problems in the form of zero-sum games between a classifier and an adversary. The latter is able to corrupt data, at the expense of some optimal transport cost. We show that quite general assumptions on the loss functions of the classifier and the transport cost functions of the adversary ensure the existence of a Nash equilibrium with a continuous (or even Lipschitz) classifier's strategy. We also consider a softmax-like regularization of this problem and present numerical results for this regularization.