2022
DOI: 10.48550/arxiv.2203.02006
Why adversarial training can hurt robust accuracy

Abstract: Machine learning classifiers with high test accuracy often perform poorly under adversarial attacks. It is commonly believed that adversarial training alleviates this issue. In this paper, we demonstrate that, surprisingly, the opposite may be true: even though adversarial training helps when enough data is available, it may hurt robust generalization in the small sample size regime. We first prove this phenomenon for a high-dimensional linear classification setting with noiseless observations. Our proof provi…

Cited by 1 publication (1 citation statement)
References 23 publications
“…However, recent studies show a trade-off between a model's generalization capabilities (i.e., its standard test accuracy) and its robust accuracy [14,34,39,47]. AT can also expose the model to new threats [53] and, perhaps even more remarkably, increase robust error at times [15]. It is possible to use AT at training time as a defense in the federated learning context [13], but it creates its own sensitive exposure to a potentially malicious server.…”
Section: Related Work
confidence: 99%