Many safety-critical applications of machine learning, such as fraud or abuse detection, use data in tabular domains. Adversarial examples can be particularly damaging for these applications. Yet, existing work on adversarial robustness primarily focuses on machine-learning models in image and text domains. We argue that, due to the differences between tabular data and images or text, existing threat models are not suitable for tabular domains. These models do not capture that the cost of an attack can matter more than its imperceptibility, or that the adversary may assign different values to the utility obtained from deploying different adversarial examples. We demonstrate that, because of these differences, the attack and defense methods used for images and text cannot be directly applied to tabular settings. We address these issues by proposing new cost- and utility-aware threat models that are tailored to the adversarial capabilities and constraints of attackers targeting tabular domains. We introduce a framework that enables us to design attack and defense mechanisms that result in models protected against cost- and utility-aware adversaries, for example, adversaries constrained by a certain financial budget. We show that our approach is effective on three datasets corresponding to applications for which adversarial examples can have economic and social implications.
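The following is an added illustration, not code from the paper, of the distinction the abstract draws between an imperceptibility threat model and a cost- and utility-aware one. Everything in it is constructed: a toy linear fraud score over three tabular features, a per-feature cost table, a feasibility table saying which changes an adversary can make at all, and a utility function. It evaluates a flagged record two ways: an L-infinity bound that treats every feature as equally and continuously perturbable (and therefore "flips" the model by moving a binary feature to a fractional value), and a budget-bounded search over feasible, priced changes that reports the minimum cost of an evasion and whether the record is robust for a given budget.

```python
import itertools
from typing import Dict, Iterator, Optional, Tuple

# Constructed toy model (assumption, not the paper's): a linear fraud score
# over three tabular features. A record is flagged when the score is > 0.
WEIGHTS = {"num_transactions": 0.8, "account_age_days": -0.02, "has_verified_email": -3.0}
BIAS = -4.0

# Constructed cost-aware threat model. Each unit of change has a price for the
# adversary, and only some directions of change are feasible at all (you can
# make fewer transactions or wait for an account to age, but not rewrite history).
UNIT_COST = {"num_transactions": 1.0, "account_age_days": 0.5, "has_verified_email": 20.0}
FEASIBLE_DELTAS = {
    "num_transactions": range(0, -11, -1),  # reduce activity by up to 10
    "account_age_days": range(0, 101, 10),  # wait up to 100 days, in steps of 10
    "has_verified_email": (0, 1),           # verification can only be added
}

Record = Dict[str, float]
Delta = Dict[str, float]


def score(x: Record) -> float:
    return sum(WEIGHTS[f] * x[f] for f in WEIGHTS) + BIAS


def is_flagged(x: Record) -> bool:
    return score(x) > 0


def attack_cost(delta: Delta) -> float:
    return sum(abs(d) * UNIT_COST[f] for f, d in delta.items())


def adversary_utility(x: Record) -> float:
    # Constructed: the adversary values each transaction it still gets to make.
    return 1.5 * x["num_transactions"]


def linf_flippable(x: Record, eps: float) -> bool:
    """Imperceptibility-style threat model: can the linear score be driven to <= 0
    by any perturbation with |delta_i| <= eps on every feature? This ignores feature
    semantics, so it may 'flip' via a binary feature set to 1.5 or a fractional age."""
    return score(x) - eps * sum(abs(w) for w in WEIGHTS.values()) <= 0


def enumerate_evasions(x: Record, budget: float) -> Iterator[Tuple[Delta, float, Record]]:
    """Yield (delta, cost, x_adv) for every feasible change within budget that un-flags x."""
    names = list(FEASIBLE_DELTAS)
    for combo in itertools.product(*(FEASIBLE_DELTAS[f] for f in names)):
        delta = {f: d for f, d in zip(names, combo) if d != 0}
        cost = attack_cost(delta)
        if cost > budget:
            continue
        x_adv = dict(x)
        for f, d in delta.items():
            x_adv[f] += d
        if not 0 <= x_adv["has_verified_email"] <= 1:  # keep the binary feature binary
            continue
        if not is_flagged(x_adv):
            yield delta, cost, x_adv


def min_cost_evasion(x: Record, budget: float) -> Optional[Tuple[float, Delta]]:
    """Cheapest feasible evasion within budget, or None if the record is robust."""
    best = min(enumerate_evasions(x, budget), key=lambda t: t[1], default=None)
    return None if best is None else (best[1], best[0])


def best_utility_evasion(x: Record, budget: float) -> Optional[Tuple[float, Delta]]:
    """Utility-aware view: the evasion maximising (utility of deployed example - cost)."""
    best = max(enumerate_evasions(x, budget),
               key=lambda t: adversary_utility(t[2]) - t[1], default=None)
    return None if best is None else (adversary_utility(best[2]) - best[1], best[0])


def is_robust(x: Record, budget: float) -> bool:
    """Defender's check: no feasible evasion exists for an adversary with this budget."""
    return min_cost_evasion(x, budget) is None


# Constructed flagged record: many transactions from a young, unverified account.
SAMPLE: Record = {"num_transactions": 12, "account_age_days": 30, "has_verified_email": 0}

if __name__ == "__main__":
    print("score:", round(score(SAMPLE), 3), "flagged:", is_flagged(SAMPLE))
    print("L_inf eps=1.5 says flippable:", linf_flippable(SAMPLE, 1.5))
    print("robust for budget 5:", is_robust(SAMPLE, 5.0))
    print("cheapest evasion, budget 10:", min_cost_evasion(SAMPLE, 10.0))
    print("best net utility, budget 10:", best_utility_evasion(SAMPLE, 10.0))
```

Under these constructed numbers the two threat models disagree on the same record: the L-infinity bound declares it flippable at eps = 1.5, while the cost-aware search finds no feasible evasion with a budget of 5 and a cheapest one (dropping seven transactions) at cost 7, which is exactly the kind of budget-indexed robustness statement the abstract argues tabular settings need.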