The recent years have been marked by extended research on adversarial attacks, especially on deep neural networks. With this work we intend on posing and investigating the question of whether the phenomenon might be more general in nature, that is, adversarial-style attacks outside classical classification tasks. Specifically, we investigate optimization problems as they constitute a fundamental part of modern AI research. To this end, we consider the base class of optimizers namely Linear Programs (LPs). On our initial attempt of a na\"ive mapping between the formalism of adversarial examples and LPs, we quickly identify the key ingredients missing for making sense of a reasonable notion of adversarial examples for LPs. Intriguingly, the formalism of Pearl's notion to causality allows for the right description of adversarial like examples for LPs. Characteristically, we show the direct influence of the Structural Causal Model (SCM) onto the subsequent LP optimization, which ultimately exposes a notion of confounding in LPs (inherited by said SCM) that allows for adversarial-style attacks. We provide both the general proof formally alongside existential proofs of such intriguing LP-parameterizations based on SCM for three combinatorial problems, namely Linear Assignment, Shortest Path and a real world problem of energy systems.

翻译：近年来，对抗性攻击的研究取得了广泛进展，尤其是针对深度神经网络。本文旨在提出并探讨一个更普遍的现象：即对抗性攻击是否可能超越经典分类任务，在更广泛的领域存在。具体来说，我们研究了作为现代人工智能研究核心组成部分的优化问题。为此，我们考虑了基本优化器类别——线性规划。在尝试将对抗性示例的形式化框架与线性规划进行朴素映射的初期，我们迅速发现了构建合理的线性规划对抗性示例概念所缺失的关键要素。有趣的是，Pearl因果推断的形式化框架为描述线性规划的对抗性示例提供了恰当的表述。典型地，我们展示了结构因果模型对后续线性规划优化的直接影响，这最终揭示了线性规划中由该结构因果模型继承的混杂概念，从而允许对抗性攻击的发生。我们提供了形式化的通用证明，并基于结构因果模型针对三个组合优化问题（线性分配、最短路径以及一个真实的能源系统问题）给出了这类有趣线性规划参数化的存在性证明。