On the generalization analysis of adversarial learning

Waleed Mustafa; Yunwen Lei; Marius Kloft

On the generalization analysis of adversarial learning

Waleed Mustafa, Yunwen Lei, Marius Kloft

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

22 Downloads (Pure)

Abstract

Many recent studies have highlighted the susceptibility of virtually all machine-learning models to adversarial attacks. Adversarial attacks are imperceptible changes to an input example of a given prediction model. Such changes are carefully designed to alter the otherwise correct prediction of the model. In this paper, we study the generalization properties of adversarial learning. In particular, we derive high-probability generalization bounds on the adversarial risk in terms of the empirical adversarial risk, the complexity of the function class and the adversarial noise set. Our bounds are generally applicable to many models, losses, and adversaries. We showcase its applicability by deriving adversarial generalization bounds for the multi-class classification setting and various prediction models (including linear models and Deep Neural Networks). We also derive optimistic adversarial generalization bounds for the case of smooth losses. These are the first fast-rate bounds valid for adversarial deep learning to the best of our knowledge.

Original language	English
Title of host publication	International Conference on Machine Learning, 17-23 July 2022, Baltimore, Maryland, USA
Editors	Kamalika Chaudhuri, Stefanie Jegelka, Le Song, Csaba Szepesvari, Gang Niu, Sivan Sabato
Publisher	Proceedings of Machine Learning Research
Pages	16174-16196
Number of pages	23
Publication status	Published - 12 Jul 2022
Event	Thirty-ninth International Conference on Machine Learning - Baltimore Convention Center, Baltimore , United States Duration: 17 Jul 2022 → 23 Jul 2022

Publication series

Name	Proceedings of Machine Learning Research
Volume	162
ISSN (Electronic)	2640-3498

Conference

Conference	Thirty-ninth International Conference on Machine Learning
Abbreviated title	ICML 2022
Country/Territory	United States
City	Baltimore
Period	17/07/22 → 23/07/22

Access to Document

MustafaW2022generalizationFinal published version, 399 KB

https://proceedings.mlr.press/v162/mustafa22a.html

Cite this

Mustafa, W., Lei, Y., & Kloft, M. (2022). On the generalization analysis of adversarial learning. In K. Chaudhuri, S. Jegelka, L. Song, C. Szepesvari, G. Niu, & S. Sabato (Eds.), International Conference on Machine Learning, 17-23 July 2022, Baltimore, Maryland, USA (pp. 16174-16196). (Proceedings of Machine Learning Research; Vol. 162). Proceedings of Machine Learning Research. https://proceedings.mlr.press/v162/mustafa22a.html

Mustafa, Waleed ; Lei, Yunwen ; Kloft, Marius. / On the generalization analysis of adversarial learning. International Conference on Machine Learning, 17-23 July 2022, Baltimore, Maryland, USA. editor / Kamalika Chaudhuri ; Stefanie Jegelka ; Le Song ; Csaba Szepesvari ; Gang Niu ; Sivan Sabato. Proceedings of Machine Learning Research, 2022. pp. 16174-16196 (Proceedings of Machine Learning Research).

@inproceedings{18b3bceefac74284a7fec52659094d1a,

title = "On the generalization analysis of adversarial learning",

abstract = "Many recent studies have highlighted the susceptibility of virtually all machine-learning models to adversarial attacks. Adversarial attacks are imperceptible changes to an input example of a given prediction model. Such changes are carefully designed to alter the otherwise correct prediction of the model. In this paper, we study the generalization properties of adversarial learning. In particular, we derive high-probability generalization bounds on the adversarial risk in terms of the empirical adversarial risk, the complexity of the function class and the adversarial noise set. Our bounds are generally applicable to many models, losses, and adversaries. We showcase its applicability by deriving adversarial generalization bounds for the multi-class classification setting and various prediction models (including linear models and Deep Neural Networks). We also derive optimistic adversarial generalization bounds for the case of smooth losses. These are the first fast-rate bounds valid for adversarial deep learning to the best of our knowledge.",

author = "Waleed Mustafa and Yunwen Lei and Marius Kloft",

year = "2022",

month = jul,

day = "12",

language = "English",

series = "Proceedings of Machine Learning Research",

publisher = "Proceedings of Machine Learning Research",

pages = "16174--16196",

editor = "Kamalika Chaudhuri and Stefanie Jegelka and Le Song and Csaba Szepesvari and Gang Niu and Sivan Sabato",

booktitle = "International Conference on Machine Learning, 17-23 July 2022, Baltimore, Maryland, USA",

note = "Thirty-ninth International Conference on Machine Learning, ICML 2022 ; Conference date: 17-07-2022 Through 23-07-2022",

}

Mustafa, W, Lei, Y & Kloft, M 2022, On the generalization analysis of adversarial learning. in K Chaudhuri, S Jegelka, L Song, C Szepesvari, G Niu & S Sabato (eds), International Conference on Machine Learning, 17-23 July 2022, Baltimore, Maryland, USA. Proceedings of Machine Learning Research, vol. 162, Proceedings of Machine Learning Research, pp. 16174-16196, Thirty-ninth International Conference on Machine Learning, Baltimore , Maryland, United States, 17/07/22. <https://proceedings.mlr.press/v162/mustafa22a.html>

On the generalization analysis of adversarial learning. / Mustafa, Waleed; Lei, Yunwen; Kloft, Marius.
International Conference on Machine Learning, 17-23 July 2022, Baltimore, Maryland, USA. ed. / Kamalika Chaudhuri; Stefanie Jegelka; Le Song; Csaba Szepesvari; Gang Niu; Sivan Sabato. Proceedings of Machine Learning Research, 2022. p. 16174-16196 (Proceedings of Machine Learning Research; Vol. 162).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - On the generalization analysis of adversarial learning

AU - Mustafa, Waleed

AU - Lei, Yunwen

AU - Kloft, Marius

PY - 2022/7/12

Y1 - 2022/7/12

N2 - Many recent studies have highlighted the susceptibility of virtually all machine-learning models to adversarial attacks. Adversarial attacks are imperceptible changes to an input example of a given prediction model. Such changes are carefully designed to alter the otherwise correct prediction of the model. In this paper, we study the generalization properties of adversarial learning. In particular, we derive high-probability generalization bounds on the adversarial risk in terms of the empirical adversarial risk, the complexity of the function class and the adversarial noise set. Our bounds are generally applicable to many models, losses, and adversaries. We showcase its applicability by deriving adversarial generalization bounds for the multi-class classification setting and various prediction models (including linear models and Deep Neural Networks). We also derive optimistic adversarial generalization bounds for the case of smooth losses. These are the first fast-rate bounds valid for adversarial deep learning to the best of our knowledge.

AB - Many recent studies have highlighted the susceptibility of virtually all machine-learning models to adversarial attacks. Adversarial attacks are imperceptible changes to an input example of a given prediction model. Such changes are carefully designed to alter the otherwise correct prediction of the model. In this paper, we study the generalization properties of adversarial learning. In particular, we derive high-probability generalization bounds on the adversarial risk in terms of the empirical adversarial risk, the complexity of the function class and the adversarial noise set. Our bounds are generally applicable to many models, losses, and adversaries. We showcase its applicability by deriving adversarial generalization bounds for the multi-class classification setting and various prediction models (including linear models and Deep Neural Networks). We also derive optimistic adversarial generalization bounds for the case of smooth losses. These are the first fast-rate bounds valid for adversarial deep learning to the best of our knowledge.

M3 - Conference contribution

T3 - Proceedings of Machine Learning Research

SP - 16174

EP - 16196

BT - International Conference on Machine Learning, 17-23 July 2022, Baltimore, Maryland, USA

A2 - Chaudhuri, Kamalika

A2 - Jegelka, Stefanie

A2 - Song, Le

A2 - Szepesvari, Csaba

A2 - Niu, Gang

A2 - Sabato, Sivan

PB - Proceedings of Machine Learning Research

T2 - Thirty-ninth International Conference on Machine Learning

Y2 - 17 July 2022 through 23 July 2022

ER -

On the generalization analysis of adversarial learning

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this