Robust Machine Learning via Privacy/Rate-Distortion Theory
Ye Wang, Shuchin Aeron, Adnan Siraj Rakin, Toshiaki Koike-Akino, Pierre Moulin

TL;DR
This paper links robust machine learning to privacy-utility tradeoffs using rate-distortion theory, revealing fundamental robustness limits based on data geometry and perturbation constraints.
Contribution
It introduces an information-theoretic framework connecting adversarial robustness with rate-distortion theory, providing new insights into robustness-performance tradeoffs.
Findings
Robust classifiers can be characterized via maximum conditional entropy.
The robustness-performance tradeoff depends on data distribution geometry.
A saddle point solution relates to privacy-utility optimization.
Abstract
Robust machine learning formulations have emerged to address the prevalent vulnerability of deep neural networks to adversarial examples. Our work draws the connection between optimal robust learning and the privacy-utility tradeoff problem, which is a generalization of the rate-distortion problem. The saddle point of the game between a robust classifier and an adversarial perturbation can be found via the solution of a maximum conditional entropy problem. This information-theoretic perspective sheds light on the fundamental tradeoff between robustness and clean data performance, which ultimately arises from the geometric structure of the underlying data distribution and perturbation constraints.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Ethics and Social Impacts of AI
