Adversarial Rademacher Complexity of Deep Neural Networks
Jiancong Xiao, Yanbo Fan, Ruoyu Sun, Zhi-Quan Luo
TL;DR
This paper establishes the first theoretical bounds on the adversarial Rademacher complexity of deep neural networks, enhancing understanding of adversarial generalization and robustness.
Contribution
It introduces a novel approach using covering numbers to bound the adversarial Rademacher complexity for multi-layer deep neural networks.
Findings
Provides the first bound of adversarial Rademacher complexity for DNNs.
Analyzes the implications of the bounds on adversarial generalization.
Offers insights into poor adversarial robustness in practice.
Abstract
Deep neural networks are vulnerable to adversarial attacks. Ideally, a robust model shall perform well on both the perturbed training data and the unseen perturbed test data. It is found empirically that fitting perturbed training data is not hard, but generalizing to perturbed test data is quite difficult. To better understand adversarial generalization, it is of great interest to study the adversarial Rademacher complexity (ARC) of deep neural networks. However, how to bound ARC in multi-layers cases is largely unclear due to the difficulty of analyzing adversarial loss in the definition of ARC. There have been two types of attempts of ARC. One is to provide the upper bound of ARC in linear and one-hidden layer cases. However, these approaches seem hard to extend to multi-layer cases. Another is to modify the adversarial loss and provide upper bounds of Rademacher complexity on such…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Advanced Neural Network Applications · Anomaly Detection Techniques and Applications
MethodsTest