Theoretically Principled Trade-off between Robustness and Accuracy

Waterloo, Change Institutions to: University of; Yu, Yaodong; Jiao, Jiantao; Xing, Eric P.; Ghaoui, Laurent El; Jordan, Michael I.

doi:10.48550/arxiv.1901.08573

preprintarXiv (Cornell University)Jan 24, 2019GREEN OA

Theoretically Principled Trade-off between Robustness and Accuracy

CIChange Institutions to: University of Waterloo YYYaodong Yu JJJiantao Jiao EPEric P. Xing LELaurent El Ghaoui

Carnegie Mellon University · University of Virginia · +1 more institution

Indexed inarxivdatacite

Abstract

We identify a trade-off between robustness and accuracy that serves as a guiding principle in the design of defenses against adversarial examples. Although this problem has been widely studied empirically, much remains unknown concerning the theory underlying this trade-off. In this work, we decompose the prediction error for adversarial examples (robust error) as the sum of the natural (classification) error and boundary error, and provide a differentiable upper bound using the theory of classification-calibrated loss, which is shown to be the tightest possible upper bound uniform over all probability distributions and measurable predictors. Inspired by our theoretical analysis, we also design a new defense…

Citation impact

922

total citations

FWCI: —
Percentile: —
References: 68

Citations per year

Authors

6

Topics & keywords

Topics

Keywords

Adversarial system
Robustness (evolution)
Upper and lower bounds
Differentiable function
Computer science
Perturbation (astronomy)
Algorithm
Artificial intelligence

UN Sustainable Development Goals

Partnerships for the goals

No related works found for this paper.