Sample Complexity Bounds for Robustly Learning Decision Lists against Evasion Attacks

Hintersdorf, Dominik; Struppek, Lukas; Kersting, Kristian

doi:10.24963/ijcai.2022/419

Cited by 4 publications

(5 citation statements)

References 69 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Specifically, determining the conditions under which robust learning is possible, and to what extent, is one of the major problems in the field. In this regard, [128] have made several important contributions. They showed that robust learning is impossible in the distribution-free setting even when the adversary is restricted to perturbing just a single bit of the input.…”

Section: Hardness Resultsmentioning

confidence: 99%

An Introduction to Adversarially Robust Deep Learning

Peck,

Goossens,

Saeys

2024

IEEE Trans. Pattern Anal. Mach. Intell.

View full text Add to dashboard Cite

The widespread success of deep learning in solving machine learning problems has fueled its adoption in many fields, from speech recognition to drug discovery and medical imaging. However, deep learning systems are extremely fragile: imperceptibly small modifications to their input data can cause the models to produce erroneous output. It is very easy to generate such adversarial perturbations even for state-of-the-art models, yet immunization against them has proven exceptionally challenging. Despite over a decade of research on this problem, our solutions are still far from satisfactory and many open problems remain. In this work, we survey some of the most important contributions in the field of adversarial robustness. We pay particular attention to the reasons why past attempts at improving robustness have been insufficient, and we identify several promising areas for future research.

show abstract

Section: Hardness Resultsmentioning

confidence: 99%

An Introduction to Adversarially Robust Deep Learning

Peck,

Goossens,

Saeys

2024

IEEE Trans. Pattern Anal. Mach. Intell.

View full text Add to dashboard Cite

show abstract

“…In this section, we show that the amount of data needed to ρ-robustly learn conjunctions under the uniform distribution has an exponential dependence on the adversary's budget ρ when the learner only has access to the EX and LMQ oracles. Here, the lower bound on the sample drawn from the example oracle is 2 ρ , which is the same as the lower bound for monotone conjunctions derived in Gourdeau et al (2022), and the local membership query lower bound is 2 ρ−1 . The result relies on showing there there exists a family of conjunctions that remain indistinguishable from each other on any sample of size 2 ρ and any sequence of 2 ρ−1 LMQs with constant probability.…”

Section: A Local Membership Query Lower Bound For Conjunctionsmentioning

confidence: 85%

“…We use the term robustness threshold from Gourdeau et al (2021) to denote an adversarial budget function ρ : N → R of the input dimension n such that, if the adversary is allowed perturbations of magnitude ρ(n), then there exists a sample-efficient ρ(n)-robust learning algorithm, and if the adversary's budget is ω(ρ(n)), then there does not exist such an algorithm. Robustness thresholds are distribution-dependent when the learner only has access to the example oracle EX, as seen in (Gourdeau et al, 2021(Gourdeau et al, , 2022. Now, since the local membership query lower bound above has an exponential dependence on ρ, any perturbation budget ω(log n) will require a sample and query complexity that is superpolynomial in n, giving the following corollary.…”

Section: A Local Membership Query Lower Bound For Conjunctionsmentioning

confidence: 98%

“…They also show that monotone conjunctions have a robustness threshold of Θ(log n) under log-Lipschitz distributions, meaning that this class is efficiently robustly learnable against an adversary that can perturb log n bits of the input, but if an adversary is allowed to perturb ρ = ω(log n) bits of the input, there does not exist a sample-efficient learning algorithm for this problem. Gourdeau et al (2021) extended this result to the class of monotone decision lists and Gourdeau et al (2022) showed a sample complexity lower bound for monotone conjunctions that is exponential in ρ and that the robustness threshold of decision lists is also Θ(log n). Finally, Diakonikolas et al (2020) and Bhattacharjee et al (2021) have used online learning algorithms for robust learning with respect to the constant-in-the-ball notion of robustness.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

When are Local Queries Useful for Robust Learning?

Gourdeau¹,

Kanade²,

Kwiatkowska³

et al. 2022

Preprint

View full text Add to dashboard Cite

Distributional assumptions have been shown to be necessary for the robust learnability of concept classes when considering the exact-in-the-ball robust risk and access to random examples by Gourdeau et al. (2019). In this paper, we study learning models where the learner is given more power through the use of local queries, and give the first distribution-free algorithms that perform robust empirical risk minimization (ERM) for this notion of robustness. The first learning model we consider uses local membership queries (LMQ), where the learner can query the label of points near the training sample. We show that, under the uniform distribution, LMQs do not increase the robustness threshold of conjunctions and any superclass, e.g., decision lists and halfspaces. Faced with this negative result, we introduce the local equivalence query (LEQ) oracle, which returns whether the hypothesis and target concept agree in the perturbation region around a point in the training sample, as well as a counterexample if it exists. We show a separation result: on one hand, if the query radius λ is strictly smaller than the adversary's perturbation budget ρ, then distribution-free robust learning is impossible for a wide variety of concept classes; on the other hand, the setting λ = ρ allows us to develop robust ERM algorithms. We then bound the query complexity of these algorithms based on online learning guarantees and further improve these bounds for the special case of conjunctions. We finish by giving robust learning algorithms for halfspaces with margins on both {0, 1} n and R n .

show abstract

“…A natural question then arises as to whether one can learn a model that is guaranteed to be robust. Building on the positive and negative theoretical results in the case of robust learning against evasion attacks [58], [59], [60], [61], it would be interesting to generalise these results to neural network models and development of implementable frameworks that can provide provable guarantees on robustness.…”

Section: Future Challengesmentioning

confidence: 99%

When to Trust AI: Advances and Challenges for Certification of Neural Networks

Kwiatkowska,

Zhang

2023

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Artificial intelligence (AI) has been advancing at a fast pace and it is now poised for deployment in a wide range of applications, such as autonomous systems, medical diagnosis and natural language processing. Early adoption of AI technology for real-world applications has not been without problems, particularly for neural networks, which may be unstable and susceptible to adversarial examples. In the longer term, appropriate safety assurance techniques need to be developed to reduce potential harm due to avoidable system failures and ensure trustworthiness. Focusing on certification and explainability, this paper provides an overview of techniques that have been developed to ensure safety of AI decisions and discusses future challenges.

show abstract

Sample Complexity Bounds for Robustly Learning Decision Lists against Evasion Attacks

Cited by 4 publications

References 69 publications

An Introduction to Adversarially Robust Deep Learning

An Introduction to Adversarially Robust Deep Learning

When are Local Queries Useful for Robust Learning?

When to Trust AI: Advances and Challenges for Certification of Neural Networks

Contact Info

Product

Resources

About