RS-Del: Edit Distance Robustness Certificates for Sequence Classifiers via Randomized Deletion

Randomized smoothing is a leading approach for constructing classifiers that are certifiably robust against adversarial examples. Existing work on randomized smoothing has focused on classifiers with continuous inputs, such as images, where $\ell_p$-norm bounded adversaries are commonly studied. However, there has been limited work for classifiers with discrete or variable-size inputs, such as for source code, which require different threat models and smoothing mechanisms. In this work, we adapt randomized smoothing for discrete sequence classifiers to provide certified robustness against edit distance-bounded adversaries. Our proposed smoothing mechanism randomized deletion (RS-Del) applies random deletion edits, which are (perhaps surprisingly) sufficient to confer robustness against adversarial deletion, insertion and substitution edits. Our proof of certification deviates from the established Neyman-Pearson approach, which is intractable in our setting, and is instead organized around longest common subsequences. We present a case study on malware detection--a binary classification problem on byte sequences where classifier evasion is a well-established threat model. When applied to the popular MalConv malware detection model, our smoothing mechanism RS-Del achieves a certified accuracy of 91% at an edit distance radius of 128 bytes.Comment: To be published in NeurIPS 2023. 36 pages, 7 figures, 12 tables. Includes 20 pages of appendice

The theory of nonlinear systems as an instrument for solving engineering problems

The article outlines theoretical, methodological and practical issues of modern control and optimization theory, as well as the problems of nonlinear systems theory. Theoretical conclusions and results allowed to build mathematical models applicable to the management of objects of different nature with different principles of action, in particular, to the management of complex technical and technological objects that can be considered as nonlinear dynamic systems. The authors find it appropriate to consider nonlinear dynamic integral models as Volterra integro-power series from many functional arguments with multidimensional weight functions and a certain finite set of inputs to the system. The set of multidimensional kernels of integral Volterra operators completely characterizes the nonlinear and dynamic properties, and, consequently, the technical state of the initial system. The application of Volterra series based models allows to take into account the nonlinear and inertial properties of the initial nonlinear dynamic system more fully and accurately, it also makes the model diagnostic of a technical system more universal, raises the reliability of the forecast. The diagnostic procedure in this case is aimed at defining Volterra kernels based on the data of “input-output” experiment and building the diagnostic system of attribute in the space of which the decisive rule of optimal classification is created

The theory of nonlinear systems as an instrument for solving engineering problems

The article outlines theoretical, methodological and practical issues of modern control and optimization theory, as well as the problems of nonlinear systems theory. Theoretical conclusions and results allowed to build mathematical models applicable to the management of objects of different nature with different principles of action, in particular, to the management of complex technical and technological objects that can be considered as nonlinear dynamic systems. The authors find it appropriate to consider nonlinear dynamic integral models as Volterra integro-power series from many functional arguments with multidimensional weight functions and a certain finite set of inputs to the system. The set of multidimensional kernels of integral Volterra operators completely characterizes the nonlinear and dynamic properties, and, consequently, the technical state of the initial system. The application of Volterra series based models allows to take into account the nonlinear and inertial properties of the initial nonlinear dynamic system more fully and accurately, it also makes the model diagnostic of a technical system more universal, raises the reliability of the forecast. The diagnostic procedure in this case is aimed at defining Volterra kernels based on the data of “input-output” experiment and building the diagnostic system of attribute in the space of which the decisive rule of optimal classification is created