A Unified Bayesian Framework for Adversarial Robustness
P. García Arce, R. Naveiro, D. Ríos Insua
The vulnerability of machine learning models to adversarial attacks remains a critical security challenge. Traditional defenses, such as adversarial training, typically robustify models by minimizing a worst-case loss. However, these deterministic approaches do not account for uncertainty in the adversary's attack. While stochastic defenses placing a probability distribution on the adversary exist, they often lack statistical rigor and fail to make explicit their underlying assumptions. We introduce a formal Bayesian framework that models adversarial uncertainty through a stochastic channel, articulating all probabilistic assumptions. This yields two strategies: a proactive defense enacted during training, aligned with adversarial training, and a reactive defense enacted during operations, aligned with adversarial purification. Several previous defenses can be recovered as limiting cases of our model. We validate our methodology, showcasing the benefits of modeling uncertainty.
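To make the distinction in the abstract concrete, the following is an added toy illustration (written for this page; it is not the authors' code and does not implement their framework). It contrasts the deterministic worst-case loss that adversarial training minimizes with the expected loss under a stochastic attack channel, on a two-feature linear classifier with logistic loss. The channel used here, a mixture in which the adversary applies the closed-form L-infinity worst-case perturbation with probability `p_attack` and otherwise leaves the input untouched, is an assumption chosen so that the worst-case defense falls out as the limiting case `p_attack = 1`. A small Gaussian posterior-mean "purification" step is included as a stand-in for the reactive, operation-time defense; the Gaussian prior and channel are likewise assumptions of this example.

```python
"""Added example: worst-case vs. expected adversarial loss on a toy linear model.

Assumptions (not from the paper): linear scoring function, logistic loss,
L-infinity perturbation budget eps, a mixture attack channel, and a Gaussian
prior/channel for the purification step.
"""
import math
import random


def logistic_loss(margin):
    # log(1 + exp(-margin)); margin = y * score is positive when correct
    return math.log1p(math.exp(-margin))


def margin(w, b, x, y):
    return y * (sum(wi * xi for wi, xi in zip(w, x)) + b)


def worst_case_loss(w, b, x, y, eps):
    # Deterministic defense target: for a linear model the L-inf worst case is
    # closed form, delta_i = -eps * y * sign(w_i), reducing the margin by eps*||w||_1.
    return logistic_loss(margin(w, b, x, y) - eps * sum(abs(wi) for wi in w))


def mixed_attacker(p_attack, eps):
    """Assumed stochastic channel: worst-case perturbation with probability
    p_attack, no perturbation otherwise. p_attack = 1 is the worst-case limit."""
    def channel(rng, w, y):
        if rng.random() < p_attack:
            return [-eps * y * (1.0 if wi >= 0 else -1.0) for wi in w]
        return [0.0] * len(w)
    return channel


def expected_loss(w, b, x, y, channel, n=20000, seed=0):
    # Monte Carlo estimate of E_delta[loss(x + delta)] under the channel.
    rng = random.Random(seed)
    total = 0.0
    for _ in range(n):
        delta = channel(rng, w, y)
        x_pert = [xi + di for xi, di in zip(x, delta)]
        total += logistic_loss(margin(w, b, x_pert, y))
    return total / n


def posterior_mean_purify(x_obs, mu0, tau2, sigma2):
    """Reactive-defense stand-in (assumed model): observed x_obs = x + delta with
    delta ~ N(0, sigma2 I) and prior x ~ N(mu0, tau2 I). The posterior mean of x
    shrinks the observation toward the prior; sigma2 = 0 recovers x_obs unchanged."""
    return [(tau2 * xo + sigma2 * m) / (tau2 + sigma2) for xo, m in zip(x_obs, mu0)]


if __name__ == "__main__":
    # Constructed toy parameters and a single labelled point
    w, b = [1.0, -2.0], 0.5
    x, y = [1.0, 0.5], 1
    eps = 0.1
    print("clean loss      ", logistic_loss(margin(w, b, x, y)))
    print("worst-case loss ", worst_case_loss(w, b, x, y, eps))
    for p in (0.0, 0.5, 1.0):
        print(f"expected loss p={p}", expected_loss(w, b, x, y, mixed_attacker(p, eps)))
    print("purified        ", posterior_mean_purify([1.1, 0.4], [1.0, 0.5], 1.0, 0.25))
```

Running the script shows the expected loss rising monotonically from the clean loss at `p_attack = 0` to exactly the worst-case loss at `p_attack = 1`; a training objective built on the expected loss therefore interpolates between an undefended and a min-max defended model according to how much attack the channel actually places on the input.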
Keywords: Adversarial, Bayesian, Machine Learning
Scheduled
Bayesian Inference Working Group: Young Bayesians Session in honour of Mª Eugenia Castellanos
5 September 2026, 10:00
Room 20
Other papers in the same session
M. Chacón Falcón, D. Rios Insua
C. Mulet, G. García-Donato
D. Corrales Alonso, D. Ríos Insua