Boosting Barely Robust Learners: A New Perspective on Adversarial Robustness

TL;DR

This paper introduces an oracle-efficient boosting algorithm to enhance the adversarial robustness of barely robust learners, establishing a connection between barely robust and strongly robust learning.

Contribution

It proposes a novel boosting method for barely robust learners and demonstrates the necessity of larger perturbation sets for strong robustness.

Findings

The algorithm improves adversarial robustness of barely robust learners.

A fundamental equivalence between barely robust and strongly robust learning is established.

We show that larger perturbation sets are essential for achieving strong robustness.

Abstract

We present an oracle-efficient algorithm for boosting the adversarial robustness of barely robust learners. Barely robust learning algorithms learn predictors that are adversarially robust only on a small fraction $\beta \ll 1$ of the data distribution. Our proposed notion of barely robust learning requires robustness with respect to a "larger" perturbation set; which we show is necessary for strongly robust learning, and that weaker relaxations are not sufficient for strongly robust learning. Our results reveal a qualitative and quantitative equivalence between two seemingly unrelated problems: strongly robust learning and barely robust learning.