Uniform Convergence of Adversarially Robust Classifiers

Rachel Morris and Ryan Murray

arXiv
June 20, 2024

In recent years there has been significant interest in the effect of different types of adversarial perturbations in data classification problems. Many of these models incorporate the adversarial power, which is an important parameter with an associated trade-off between accuracy and robustness. This work considers a general framework for adversarially-perturbed classification problems, in a large data or population-level limit. In such a regime, we demonstrate that as adversarial strength goes to zero, optimal classifiers converge to the Bayes classifier in the Hausdorff distance. This significantly strengthens previous results, which generally focus on L^1-type convergence. The main argument relies on direct geometric comparisons and is inspired by techniques from geometric measure theory.