adversarial training
Statistical Guarantees for Distributionally Robust Optimization with Optimal Transport and OT-Regularized Divergences
Birrell, Jeremiah, Shen, Xiaoxi
We study finite-sample statistical performance guarantees for distributionally robust optimization (DRO) with optimal transport (OT) and OT-regularized divergence model neighborhoods. Specifically, we derive concentration inequalities for supervised learning via DRO-based adversarial training, as commonly employed to enhance the adversarial robustness of machine learning models. Our results apply to a wide range of OT cost functions, beyond the $p$-Wasserstein case studied by previous authors. In particular, our results are the first to: 1) cover soft-constraint norm-ball OT cost functions; soft-constraint costs have been shown empirically to enhance robustness when used in adversarial training, 2) apply to the combination of adversarial sample generation and adversarial reweighting that is induced by using OT-regularized $f$-divergence model neighborhoods; the added reweighting mechanism has also been shown empirically to further improve performance. In addition, even in the $p$-Wasserstein case, our bounds exhibit better behavior as a function of the DRO neighborhood size than previous results when applied to the adversarial setting.
- North America > United States > Texas (0.04)
- Europe > United Kingdom > England > Cambridgeshire > Cambridge (0.04)
- Asia > Middle East > Jordan (0.04)
Semi-supervised Deep Kernel Learning: Regression with Unlabeled Data by Minimizing Predictive Variance
Neal Jean, Sang Michael Xie, Stefano Ermon
Neural Information Processing Systems http://nips.cc/
- Information Technology > Artificial Intelligence > Representation & Reasoning > Uncertainty (1.00)
- Information Technology > Artificial Intelligence > Machine Learning > Statistical Learning (1.00)
- Information Technology > Artificial Intelligence > Machine Learning > Neural Networks > Deep Learning (1.00)
Explicit Tradeoffs between Adversarial and Natural Distributional Robustness
Results averaged over ResNet18 and ResNet50.
- North America > United States > Maryland (0.04)
- North America > United States > California (0.04)
- North America > Canada > British Columbia > Vancouver (0.04)
- Asia > Middle East > Jordan (0.04)
ProvablyRobustDeepLearningviaAdversarially TrainedSmoothedClassifiers
Inthis paper,we employadversarial training to improve the performance of randomized smoothing.
- Oceania > Australia > New South Wales > Sydney (0.04)
- North America > United States > California > San Diego County > San Diego (0.04)
- North America > United States > California > Los Angeles County > Long Beach (0.04)
- (4 more...)
Appendices
The supplementary material is organized as follows. We first discuss additional related work and provide experiment details inSection 2andAppendix Brespectively. Adversarial Defenses: Neural networks trained using standard procedures such as SGD are extremely vulnerable [23] to -bound adversarial attacks such as FGSM [23], PGD [42], CW [11], andMomentum [17];Unrestricted attacks [7,19]cansignificantly degrade model performance as well. Defense strategies based on heuristics such as feature squeezing [82], denoising [80], encoding [10], specialized nonlinearities [83] and distillation [56] have had limited success against stronger attacks [2]. Then, we introduce a noisy version of the5-slab block,whichwelateruseinAppendixD.
240c945bb72980130446fc2b40fbb8e0-Paper.pdf
Deep learning models have achieved impressive performance on a wide variety of challenging tasks such as image recognition, natural language generation, game playing, etc.
AUnifiedGame-TheoreticInterpretationof AdversarialRobustness
This paper provides a unified view to explain different adversarial attacks and defensemethods,i.e.
- Asia > Middle East > Jordan (0.04)
- Asia > China (0.04)
