Adversarially Robust Generalization Requires More Data

• dc.contributor.author: Schmidt, Ludwig
• dc.contributor.author: Santurkar, Shibani
• dc.contributor.author: Tsipras, Dimitris
• dc.contributor.author: Talwar, Kunal
• dc.contributor.author: Madry, Aleksander
• dc.date.issued: 2018
• dc.identifier.uri: https://hdl.handle.net/1721.1/137767
• dc.description.abstract: © 2018 Curran Associates Inc..All rights reserved. Machine learning models are often susceptible to adversarial perturbations of their inputs. Even small perturbations can cause state-of-the-art classifiers with high “standard” accuracy to produce an incorrect prediction with high confidence. To better understand this phenomenon, we study adversarially robust learning from the viewpoint of generalization. We show that already in a simple natural data model, the sample complexity of robust learning can be significantly larger than that of “standard” learning. This gap is information theoretic and holds irrespective of the training algorithm or the model family. We complement our theoretical results with experiments on popular image classification datasets and show that a similar gap exists here as well. We postulate that the difficulty of training robust classifiers stems, at least partially, from this inherently larger sample complexity.
• dc.language.iso: en
• dc.relation.isversionof: https://papers.nips.cc/paper/7749-adversarially-robust-generalization-requires-more-data
• dc.source: Neural Information Processing Systems (NIPS)
• dc.type: Article
• dc.identifier.citation: Schmidt, Ludwig, Santurkar, Shibani, Tsipras, Dimitris, Talwar, Kunal and Madry, Aleksander. 2018. "Adversarially Robust Generalization Requires More Data."
• dc.contributor.department: Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.eprint.version: Final published version