Lower Bounds on Cross-Entropy Loss in the Presence of Test-time Adversaries

TL;DR

This paper establishes fundamental lower bounds on cross-entropy loss under test-time adversaries, providing a theoretical benchmark to evaluate and improve robust supervised learning methods.

Contribution

It introduces a general formulation for lower bounds on loss functions in adversarial settings, along with an efficient algorithm to compute these bounds and assess current robustness techniques.

Findings

Lower bounds reveal gaps in current robust training methods at larger adversarial budgets.

The proposed algorithm efficiently computes bounds for practical datasets.

Using optimal classification outputs as soft labels can empirically enhance robustness.

Abstract

Understanding the fundamental limits of robust supervised learning has emerged as a problem of immense interest, from both practical and theoretical standpoints. In particular, it is critical to determine classifier-agnostic bounds on the training loss to establish when learning is possible. In this paper, we determine optimal lower bounds on the cross-entropy loss in the presence of test-time adversaries, along with the corresponding optimal classification outputs. Our formulation of the bound as a solution to an optimization problem is general enough to encompass any loss function depending on soft classifier outputs. We also propose and provide a proof of correctness for a bespoke algorithm to compute this lower bound efficiently, allowing us to determine lower bounds for multiple practical datasets of interest. We use our lower bounds as a diagnostic tool to determine the effectiveness of current robust training methods and find a gap from optimality at larger budgets. Finally, we investigate the possibility of using of optimal classification outputs as soft labels to empirically improve robust training.