Evaluating robustness of support vector machines with the Lagrangian dual approach

Adversarial examples bring a considerable security threat to support vector machines (SVMs), especially those used in safety-critical applications. Thus, robustness verification is an essential issue for SVMs, which can provide provable robustness against various adversarial attacks. The evaluation results obtained through robustness verification can provide a security guarantee for the use of SVMs. The existing verification method does not often perform well in verifying SVMs with nonlinear kernels. To this end, we propose a method to improve the verification performance for SVMs with nonlinear kernels. We first formalize the adversarial robustness evaluation of SVMs as an optimization problem with a feedforward neural network representation. Then, the lower bound of the original problem is obtained by solving the Lagrangian dual problem. Finally, the adversarial robustness of SVMs is evaluated concerning the lower bound. We evaluate the adversarial robustness of SVMs with linear and nonlinear kernels on the MNIST and Fashion-MNIST datasets. The experimental results show that our method achieves a higher percentage of provable robustness on the test set compared to the state-of-the-art.