Adversarially Robust Generalization Requires More Data

Schmidt, Ludwig; Santurkar, Shibani; Tsipras, Dimitris; Talwar, Kunal; Madry, Aleksander

Author(s)

Schmidt, Ludwig; Santurkar, Shibani; Tsipras, Dimitris; Talwar, Kunal; Madry, Aleksander

DownloadPublished version (424.0Kb)

Terms of use

Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use.

Metadata

Show full item record

Abstract

© 2018 Curran Associates Inc..All rights reserved. Machine learning models are often susceptible to adversarial perturbations of their inputs. Even small perturbations can cause state-of-the-art classifiers with high “standard” accuracy to produce an incorrect prediction with high confidence. To better understand this phenomenon, we study adversarially robust learning from the viewpoint of generalization. We show that already in a simple natural data model, the sample complexity of robust learning can be significantly larger than that of “standard” learning. This gap is information theoretic and holds irrespective of the training algorithm or the model family. We complement our theoretical results with experiments on popular image classification datasets and show that a similar gap exists here as well. We postulate that the difficulty of training robust classifiers stems, at least partially, from this inherently larger sample complexity.

Date issued

2018

URI

https://hdl.handle.net/1721.1/137767

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Citation

Schmidt, Ludwig, Santurkar, Shibani, Tsipras, Dimitris, Talwar, Kunal and Madry, Aleksander. 2018. "Adversarially Robust Generalization Requires More Data."

Version: Final published version

Collections

MIT Open Access Articles