Name
Abstract | ||
|---|---|---|
We analyze the properties of adversarial training for learning adversarially robust halfspaces in the presence of agnostic label noise. Denoting OPTp,r as the best robust classification error achieved by a halfspace that is robust to perturbations of l(p) balls of radius r, we show that adversarial training on the standard binary cross-entropy loss yields adversarially robust halfspaces up to (robust) classification error (O) over tilde(root OPT2,r) for p = 2, and (O) over tilde (d(1/4)root OPT infinity,r + d(1)(/2)OPT(infinity,r)) when p = infinity. Our results hold for distributions satisfying anti-concentration properties enjoyed by log-concave isotropic distributions among others. We additionally show that if one instead uses a nonconvex sigmoidal loss, adversarial training yields halfspaces with an improved robust classification error of O(OPT2,r) for p = 2, and O(d(1/4)root OPT infinity,r) when p = infinity. To the best of our knowledge, this is the first work to show that adversarial training provably yields robust classifiers in the presence of noise. |
Year | Venue | DocType |
|---|---|---|
2021 | INTERNATIONAL CONFERENCE ON MACHINE LEARNING, VOL 139 | Conference |
Volume | ISSN | Citations |
139 | 2640-3498 | 0 |
PageRank | References | Authors |
0.34 | 5 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Difan Zou | 1 | 42 | 10.95 |
| Frei, Spencer | 2 | 1 | 2.04 |
| Quanquan Gu | 3 | 1116 | 78.25 |