Robust optimization for adversarial learning with finite sample complexity guarantees
Robust optimization for adversarial learning with finite sample complexity guarantees
Decision making and learning in the presence of uncertainty has attracted significant attention in view of the increasing need to achieve robust and reliable operations. In the case where uncertainty stems from the presence of adversarial attacks this need is becoming more prominent. In this paper we focus on linear and nonlinear classification problems and propose a novel adversarial training method for robust classifiers, inspired by Support Vector Machine (SVM) margins. We view robustness under a data driven lens, and derive finite sample complexity bounds for both linear and non-linear classifiers in binary and multi-class scenarios. Notably, our bounds match natural classifiers' complexity. Our algorithm minimizes a worst-case surrogate loss using Linear Programming (LP) and Second Order Cone Programming (SOCP) for linear and non-linear models. Numerical experiments on the benchmark MNIST and CIFAR10 datasets show our approach's comparable performance to state-of-the-art methods, without needing adversarial examples during training. Our work offers a comprehensive framework for enhancing binary linear and non-linear classifier robustness, embedding robustness in learning under the presence of adversaries.
Bertolace, André
0e6ea6ee-b10b-4695-8edb-fbffdecb8d5e
Gatsis, Konstatinos
f808d11b-38f1-4a44-ba56-3364d63558d7
Margellos, Kostas
b40fa8c3-91c0-41e9-b8d6-926ffd9ced45
22 March 2024
Bertolace, André
0e6ea6ee-b10b-4695-8edb-fbffdecb8d5e
Gatsis, Konstatinos
f808d11b-38f1-4a44-ba56-3364d63558d7
Margellos, Kostas
b40fa8c3-91c0-41e9-b8d6-926ffd9ced45
[Unknown type: UNSPECIFIED]
Abstract
Decision making and learning in the presence of uncertainty has attracted significant attention in view of the increasing need to achieve robust and reliable operations. In the case where uncertainty stems from the presence of adversarial attacks this need is becoming more prominent. In this paper we focus on linear and nonlinear classification problems and propose a novel adversarial training method for robust classifiers, inspired by Support Vector Machine (SVM) margins. We view robustness under a data driven lens, and derive finite sample complexity bounds for both linear and non-linear classifiers in binary and multi-class scenarios. Notably, our bounds match natural classifiers' complexity. Our algorithm minimizes a worst-case surrogate loss using Linear Programming (LP) and Second Order Cone Programming (SOCP) for linear and non-linear models. Numerical experiments on the benchmark MNIST and CIFAR10 datasets show our approach's comparable performance to state-of-the-art methods, without needing adversarial examples during training. Our work offers a comprehensive framework for enhancing binary linear and non-linear classifier robustness, embedding robustness in learning under the presence of adversaries.
Text
2403.15207v1
- Author's Original
More information
Published date: 22 March 2024
Identifiers
Local EPrints ID: 494566
URI: http://eprints.soton.ac.uk/id/eprint/494566
PURE UUID: c43d4906-07d9-42dc-94f2-5161f2ff2a1b
Catalogue record
Date deposited: 10 Oct 2024 16:47
Last modified: 11 Oct 2024 02:08
Export record
Altmetrics
Contributors
Author:
André Bertolace
Author:
Konstatinos Gatsis
Author:
Kostas Margellos
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics