Adversarial Resilience in Sequential Prediction via Abstention
Surbhi Goel, Steve Hanneke, Shay Moran, Abhishek Shetty

TL;DR
This paper introduces a new sequential prediction model that balances stochastic and adversarial scenarios by allowing abstention on adversarial examples, achieving error bounds based on VC dimension.
Contribution
The paper proposes a novel model and algorithms for sequential prediction that interpolate between stochastic and adversarial settings, with abstention to improve robustness.
Findings
Error scales with VC dimension of the hypothesis class
Designed a learner for VC dimension 1 classes without marginal distribution access
Introduced a new measure for quantifying uncertainty in VC class learning
Abstract
We study the problem of sequential prediction in the stochastic setting with an adversary that is allowed to inject clean-label adversarial (or out-of-distribution) examples. Algorithms designed to handle purely stochastic data tend to fail in the presence of such adversarial examples, often leading to erroneous predictions. This is undesirable in many high-stakes applications such as medical recommendations, where abstaining from predictions on adversarial examples is preferable to misclassification. On the other hand, assuming fully adversarial data leads to very pessimistic bounds that are often vacuous in practice. To capture this motivation, we propose a new model of sequential prediction that sits between the purely stochastic and fully adversarial settings by allowing the learner to abstain from making a prediction at no cost on adversarial examples. Assuming access to the…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Machine Learning and Algorithms · Machine Learning and Data Classification
