Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
129 tokens/sec
GPT-4o
28 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Adversarial Consistency and the Uniqueness of the Adversarial Bayes Classifier (2404.17358v3)

Published 26 Apr 2024 in cs.LG, math.ST, stat.ML, and stat.TH

Abstract: Minimizing an adversarial surrogate risk is a common technique for learning robust classifiers. Prior work showed that convex surrogate losses are not statistically consistent in the adversarial context -- or in other words, a minimizing sequence of the adversarial surrogate risk will not necessarily minimize the adversarial classification error. We connect the consistency of adversarial surrogate losses to properties of minimizers to the adversarial classification risk, known as adversarial Bayes classifiers. Specifically, under reasonable distributional assumptions, a convex surrogate loss is statistically consistent for adversarial learning iff the adversarial Bayes classifier satisfies a certain notion of uniqueness.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (30)
  1. Calibration and consistency of adversarial surrogate losses. NeurIps, 2021a.
  2. A finer calibration analysis for adversarial robustness. arxiv, 2021b.
  3. H-consistency bounds for surrogate loss minimizers. In K. Chaudhuri, S. Jegelka, L. Song, C. Szepesvari, G. Niu, and S. Sabato, editors, Proceedings of the 39th International Conference on Machine Learning, Proceedings of Machine Learning Research. PMLR, 2022.
  4. Calibrated surrogate losses for adversarially robust classification. arxiv, 2021.
  5. Convexity, classification, and risk bounds. Journal of the American Statistical Association, 101(473), 2006.
  6. On the difficulty of approximately maximizing agreements. Journal of Computer System Sciences, 2003.
  7. Lower bounds on adversarial robustness from optimal transport, 2019.
  8. Evasion attacks against machine learning at test time. In Joint European conference on machine learning and knowledge discovery in databases, pages 387–402. Springer, 2013.
  9. An analysis of adversarial attacks and defenses on autonomous driving models, 2020.
  10. G. B. Folland. Real analysis: modern techniques and their applications, volume 40. John Wiley & Sons, 1999.
  11. N. S. Frank. A notion of uniqueness for the adversarial bayes classifier. arxiv, 2024.
  12. N. S. Frank and J. Niles-Weed. The adversarial consistency of surrogate risks for binary classification. NeurIps, 2024a.
  13. N. S. Frank and J. Niles-Weed. Existence and minimax theorems for adversarial surrogate risks in binary classification. JMLR, 2024b.
  14. On the role of randomization in adversarially robust classification, 2023.
  15. H. Jylhä. The l∞superscript𝑙l^{\infty}italic_l start_POSTSUPERSCRIPT ∞ end_POSTSUPERSCRIPT optimal transport: Infinite cyclical monotonicity and the existence of optimal transport maps. Calculus of Variations and Partial Differential Equations, 2014.
  16. J. D. Li and M. Telgarsky. On achieving optimal adversarial test error, 2023.
  17. Y. Lin. A note on margin-based loss functions in classification. Statistics & Probability Letters, 68(1):73–82, 2004.
  18. Towards consistency in adversarial classification. arXiv, 2022.
  19. S. A. Mingyuan Zhang. Consistency vs. h-consistency: The interplay between surrogate loss functions and the scoring function class. NeurIps, 2020.
  20. Generalizability vs. robustness: Adversarial examples for medical imaging. Springer, 2018.
  21. R. A. S. Philip M. Long. Consistency versus realizable h-consistency for multiclass classification. ICML, 2013.
  22. M. S. Pydi and V. Jog. Adversarial risk via optimal transport and optimal couplings. ICML, 2020.
  23. M. S. Pydi and V. Jog. The many faces of adversarial risk. Neural Information Processing Systems, 2021.
  24. I. Steinwart. How to compare different loss functions and their risks. Constructive Approximation, 2007.
  25. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199, 2013.
  26. N. G. Trillos and R. Murray. Adversarial classification: Necessary conditions and geometric flows. arxiv, 2022.
  27. The multimarginal optimal transport formulation of adversarial multiclass classification. arXiv, 2022.
  28. On the existence of solutions to adversarial training in multiclass classification, 2023.
  29. Adversarial Attacks on Face Recognition Systems, pages 139–161. Springer International Publishing, Cham, 2022.
  30. T. Zhang. Statistical behavior and consistency of classification methods based on convex risk minimization. The Annals of Statistics, 2004.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now