Multi-label Adversarial Perturbations

Qingquan Song, Haifeng Jin, Xiao Huang, Xia Hu

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

21 Citations (Scopus)


Adversarial examples are delicately perturbed inputs, which aim to mislead machine learning models towards incorrect outputs. While existing work focuses on generating adversarial perturbations in multiclass classification problems, many real-world applications fall into the multi-label setting, in which one instance could be associated with more than one label. To analyze the vulnerability and robustness of multi-label learning models, we investigate the generation of multi-label adversarial perturbations. This is a challenging task due to the uncertain number of positive labels associated with one instance, and the fact that multiple labels are usually not mutually exclusive with each other. To bridge the gap, in this paper, we propose a general attacking framework targeting multi-label classification problem and conduct a premier analysis on the perturbations for deep neural networks. Leveraging the ranking relationships among labels, we further design a ranking-based framework to attack multi-label ranking algorithms. Experiments on two different datasets demonstrate the effectiveness of the proposed frameworks and provide insights of the vulnerability of multi-label deep models under diverse targeted attacks.

Original languageEnglish
Title of host publication2018 IEEE International Conference on Data Mining, ICDM 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Electronic)9781538691588
Publication statusPublished - 27 Dec 2018
Externally publishedYes
Event18th IEEE International Conference on Data Mining, ICDM 2018 - Singapore, Singapore
Duration: 17 Nov 201820 Nov 2018

Publication series

NameProceedings - IEEE International Conference on Data Mining, ICDM
ISSN (Print)1550-4786


Conference18th IEEE International Conference on Data Mining, ICDM 2018


  • Adversarial attack
  • Adversarial machine learning
  • Multi label learning

ASJC Scopus subject areas

  • General Engineering


Dive into the research topics of 'Multi-label Adversarial Perturbations'. Together they form a unique fingerprint.

Cite this