
TL;DR
This paper introduces a new framework for online learning of robust classifiers under adversarial perturbations, defining a novel class dimension that governs mistake and regret bounds, extending to multiclass scenarios and uncertain perturbation sets.
Contribution
It proposes a new class dimension controlling mistake and regret bounds in adversarially robust online learning, extending the theory beyond PAC to online and multiclass settings.
Findings
The new dimension characterizes learnability in the robust online setting.
Mistake bounds depend on the new dimension in the realizable case.
Regret bounds depend on the new dimension in the agnostic case.
Abstract
We study the problem of learning robust classifiers where the classifier will receive a perturbed input. Unlike robust PAC learning studied in prior work, here the clean data and its label are also adversarially chosen. We formulate this setting as an online learning problem and consider both the realizable and agnostic learnability of hypothesis classes. We define a new dimension of classes and show it controls the mistake bounds in the realizable setting and the regret bounds in the agnostic setting. In contrast to the dimension that characterizes learnability in the PAC setting, our dimension is rather simple and resembles the Littlestone dimension. We generalize our dimension to multiclass hypothesis classes and prove similar results in the realizable case. Finally, we study the case where the learner does not know the set of allowed perturbations for each point and only has some…
Taxonomy
Topics: Machine Learning and Algorithms · Advanced Bandit Algorithms Research · Adversarial Robustness in Machine Learning
