Lattice Climber Attack: Adversarial attacks for randomized mixtures of classifiers
Gnecco-Heredia, Lucas, Negrevergne, Benjamin, Chevaleyre, Yann
arXiv.org Artificial Intelligence
However, existing attacks have been shown to not suit this kind of classifier. In this paper, we discuss the problem of attacking a mixture in a principled way and introduce two desirable properties of attacks based on a geometrical analysis of the problem (effectiveness and maximality). We then show that existing attacks do not meet both of these properties. Finally, we introduce a new attack called lattice climber attack with theoretical guarantees in the binary linear setting, and demonstrate its performance by conducting experiments on synthetic and real datasets.
Keywords: adversarial robustness, adversarial attacks, randomized classifiers, mixtures.
Jun-13-2025
- Country:
- North America > Costa Rica > Heredia Province > Heredia (0.05)
- Genre:
- Research Report (0.82)
- Industry:
- Government > Military (0.72)
- Information Technology > Security & Privacy (1.00)
- Technology: