# Subspace Methods That Are Resistant to a Limited Number of Features Corrupted by an Adversary

**Authors:** Chris Mesterharm, Rauf Izmailov, Scott Alexander, Simon Tsang

arXiv: 1902.07280 · 2019-07-30

## TL;DR

This paper introduces subspace voting methods that enhance robustness of supervised learning algorithms against adversarial feature corruption, providing theoretical guarantees and empirical validation on multiple datasets.

## Contribution

It proposes novel subspace voting techniques that improve resistance to adversarial feature corruption and offers data-dependent performance bounds.

## Key findings

- High accuracy achieved despite adversarial corruption
- Effective on electromagnetic side channel datasets
- Theoretical bounds support empirical results

## Abstract

In this paper, we consider batch supervised learning where an adversary is allowed to corrupt instances with arbitrarily large noise. The adversary is allowed to corrupt any $l$ features in each instance and the adversary can change their values in any way. This noise is introduced on test instances and the algorithm receives no label feedback for these instances. We provide several subspace voting techniques that can be used to transform existing algorithms and prove data-dependent performance bounds in this setting. The key insight to our results is that we set our parameters so that a significant fraction of the voting hypotheses do not contain corrupt features and, for many real world problems, these uncorrupt hypotheses are sufficient to achieve high accuracy. We empirically validate our approach on several datasets including three new datasets that deal with side channel electromagnetic information.
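The counting argument behind the key insight can be checked directly. The sketch below is an added illustration, not code from the paper: it assumes a nearest-centroid base learner, one voting hypothesis per $k$-feature subspace (enumerated exhaustively so the result is deterministic), and a small constructed two-class dataset; all function names and constants are hypothetical.

```python
from itertools import combinations
from math import comb

def clean_fraction(n, k, l):
    """Fraction of k-feature subspaces (out of n) that avoid all l corrupted features."""
    return comb(n - l, k) / comb(n, k)

def centroids(train, feats):
    """Per-class mean of the training points, restricted to the features in feats."""
    out = {}
    for label in {y for _, y in train}:
        rows = [x for x, y in train if y == label]
        out[label] = [sum(r[f] for r in rows) / len(rows) for f in feats]
    return out

def predict(train, feats, x):
    """Nearest-centroid prediction using only the features in feats."""
    cents = centroids(train, feats)
    dist = lambda c: sum((x[f] - c[i]) ** 2 for i, f in enumerate(feats))
    return min(cents, key=lambda label: dist(cents[label]))

def subspace_vote(train, n, k, x):
    """Majority vote over one hypothesis per k-feature subspace (labels are +1/-1)."""
    total = sum(predict(train, s, x) for s in combinations(range(n), k))
    return 1 if total > 0 else -1

def corrupt(x, l, value=-1000.0):
    """Adversary model from the abstract: overwrite l features with arbitrary values."""
    return [value] * l + x[l:]

# Constructed data (assumption): 20 features, class +1 near +1, class -1 near -1.
N, K = 20, 3
TRAIN = [([1.0] * N, 1), ([0.8] * N, 1), ([-1.0] * N, -1), ([-1.2] * N, -1)]
CLEAN_X = [1.0] * N  # test instance whose true label is +1

if __name__ == "__main__":
    print("l  clean_fraction  full_model  subspace_vote")
    for l in (0, 2, 3, 4):
        x = corrupt(CLEAN_X, l)
        print(l, round(clean_fraction(N, K, l), 3),
              predict(TRAIN, tuple(range(N)), x), subspace_vote(TRAIN, N, K, x))
```

With $n = 20$ and $k = 3$, the single full-feature model is flipped by two corrupted features, while the vote stays correct until the clean fraction $\binom{n-l}{k} / \binom{n}{k}$ falls below one half at $l = 4$.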

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1902.07280/full.md

## Figures

13 figures with captions in the complete paper: https://tomesphere.com/paper/1902.07280/full.md

## References

24 references — full list in the complete paper: https://tomesphere.com/paper/1902.07280/full.md

---
Source: https://tomesphere.com/paper/1902.07280