A law of adversarial risk, interpolation, and label noise
Daniel Paleka, Amartya Sanyal

TL;DR
This paper establishes a theoretical link between label noise and adversarial vulnerability in supervised learning, showing that interpolating noisy labels increases adversarial risk, with implications for understanding and mitigating model vulnerabilities.
Contribution
It proves the first theorem relating label noise to adversarial risk, analyzes effects of distribution properties, and compares uniform versus real-world label noise impacts.
Findings
Interpolating label noise increases adversarial vulnerability.
Uniform label noise induces nearly as large an adversarial risk as the worst poisoning with the same noise rate.
Inductive biases amplify the effect of label noise on adversarial risk.
Abstract
In supervised learning, it has been shown that label noise in the data can be interpolated without penalties on test accuracy. We show that interpolating label noise induces adversarial vulnerability, and prove the first theorem showing the relationship between label noise and adversarial risk for any data distribution. Our results are almost tight if we do not make any assumptions on the inductive bias of the learning algorithm. We then investigate how different components of this problem affect this result, including properties of the distribution. We also discuss non-uniform label noise distributions, and prove a new theorem showing uniform label noise induces nearly as large an adversarial risk as the worst poisoning with the same noise rate. Then, we provide theoretical and empirical evidence that uniform label noise is more harmful than typical real-world label noise. Finally, we…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Machine Learning and Data Classification · Advanced Statistical Methods and Models
Methods: Test
