Adversarial Learning Guarantees for Linear Hypotheses and Neural Networks

TL;DR

This paper analyzes the generalization capabilities of linear hypotheses and neural networks under adversarial perturbations using Rademacher complexity, providing new bounds that improve understanding of adversarial robustness.

Contribution

It introduces novel upper and lower bounds for adversarial Rademacher complexity for linear hypotheses and neural networks, extending previous results and offering a more detailed analysis.

Findings

Derived bounds for linear hypotheses with $l_r$-norm perturbations.

Extended analysis to single ReLU units and neural networks with one hidden layer.

Provided tighter Rademacher complexity bounds compared to prior work.

Abstract

Adversarial or test time robustness measures the susceptibility of a classifier to perturbations to the test input. While there has been a flurry of recent work on designing defenses against such perturbations, the theory of adversarial robustness is not well understood. In order to make progress on this, we focus on the problem of understanding generalization in adversarial settings, via the lens of Rademacher complexity. We give upper and lower bounds for the adversarial empirical Rademacher complexity of linear hypotheses with adversarial perturbations measured in $l_r$-norm for an arbitrary $r \geq 1$. This generalizes the recent result of [Yin et al.'19] that studies the case of $r = \infty$, and provides a finer analysis of the dependence on the input dimensionality as compared to the recent work of [Khim and Loh'19] on linear hypothesis classes. We then extend our analysis to provide Rademacher complexity lower and upper bounds for a single ReLU unit. Finally, we give adversarial Rademacher complexity bounds for feed-forward neural networks with one hidden layer. Unlike previous works we directly provide bounds on the adversarial Rademacher complexity of the given network, as opposed to a bound on a surrogate. A by-product of our analysis also leads to tighter bounds for the Rademacher complexity of linear hypotheses, for which we give a detailed analysis and present a comparison with existing bounds.