The Price of Implicit Bias in Adversarially Robust Generalization
Nikolaos Tsilivis, Natalie Frank, Nathan Srebro, Julia Kempe
TL;DR
This paper investigates how the implicit bias of optimization algorithms influences the robustness of models trained with robust ERM, highlighting the roles of algorithm choice and architecture in adversarial settings.
Contribution
It characterizes the implicit bias in robust ERM, linking it to robust generalization, and demonstrates its impact through theoretical analysis and experiments with neural networks.
Findings
Implicit bias affects robustness significantly.
Optimization algorithm influences model robustness.
Architecture choices can enhance or impair robustness.
Abstract
We study the implicit bias of optimization in robust empirical risk minimization (robust ERM) and its connection with robust generalization. In classification settings under adversarial perturbations with linear models, we study what type of regularization should ideally be applied for a given perturbation set to improve (robust) generalization. We then show that the implicit bias of optimization in robust ERM can significantly affect the robustness of the model and identify two ways this can happen; either through the optimization algorithm or the architecture. We verify our predictions in simulations with synthetic data and experimentally study the importance of implicit bias in robust ERM with deep neural networks.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning
MethodsSparse Evolutionary Training