
On the robustness of randomized classifiers to adversarial examples

Machine learning, 2022-09, Vol.111 (9), p.3425-3457 [Peer Reviewed Journal]

The Author(s) 2022. Distributed under a Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/, the "License"); notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License. ISSN: 0885-6125; EISSN: 1573-0565; DOI: 10.1007/s10994-022-06216-6


  • Title:
    On the robustness of randomized classifiers to adversarial examples
  • Author: Pinot, Rafael ; Meunier, Laurent ; Yger, Florian ; Gouy-Pailler, Cédric ; Chevaleyre, Yann ; Atif, Jamal
  • Subjects: Accuracy ; Artificial Intelligence ; Artificial neural networks ; Classifiers ; Computer Science ; Control ; Information theory ; Learning theory ; Machine Learning ; Mechatronics ; Natural Language Processing (NLP) ; Random variables ; Robotics ; Robustness ; Simulation and Modeling ; Statistical analysis ; Upper bounds
  • Is Part Of: Machine learning, 2022-09, Vol.111 (9), p.3425-3457
  • Description: This paper investigates the theory of robustness against adversarial attacks. We focus on randomized classifiers (i.e. classifiers that output random variables) and provide a thorough analysis of their behavior through the lens of statistical learning theory and information theory. To this end, we introduce a new notion of robustness for randomized classifiers, enforcing local Lipschitzness using probability metrics. Equipped with this definition, we make two new contributions. The first consists in devising a new upper bound on the adversarial generalization gap of randomized classifiers. More precisely, we devise bounds on the generalization gap and the adversarial gap (i.e. the gap between the risk and the worst-case risk under attack) of randomized classifiers. The second contribution presents a simple yet efficient noise injection method to design robust randomized classifiers. We show that our results are applicable to a wide range of machine learning models under mild hypotheses. We further corroborate our findings with experimental results using deep neural networks on standard image datasets, namely CIFAR-10 and CIFAR-100. On these tasks, we manage to design robust models that simultaneously achieve state-of-the-art accuracy (over 0.82 clean accuracy on CIFAR-10) and enjoy guaranteed robust accuracy bounds (0.45 against ℓ2 adversaries with magnitude 0.5 on CIFAR-10).
  • Publisher: New York: Springer US
  • Language: English
  • Identifier: ISSN: 0885-6125
    EISSN: 1573-0565
    DOI: 10.1007/s10994-022-06216-6
  • Source: Hyper Article en Ligne (HAL) (Open Access)
    Springer Nature OA/Free Journals
    ProQuest Central
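The abstract describes the mechanism in general terms: inject noise at the input so that the classifier's output becomes a random variable, then measure robustness as Lipschitzness of that output distribution with respect to a probability metric, and derive a robust-accuracy guarantee from it. The following is an added illustration of that mechanism in pure Python; it is not code from the paper, and it does not reproduce the paper's definitions, its choice of metric or its bounds (those are not on this page). It uses a constructed two-dimensional linear base classifier, Gaussian noise injection, and two standard facts that are assumptions of this example rather than claims about the paper: the closed-form total variation distance between two Gaussians with equal covariance, 2Φ(‖x − x'‖/(2σ)) − 1, and the data-processing inequality, which says that pushing both Gaussians through any deterministic classifier cannot increase that distance. The weights, inputs and perturbation budget are constructed sample values.

```python
"""Noise-injection randomized classifier with a TV-distance robustness check.

Added illustration, not code from Pinot et al. A deterministic base
classifier h is turned into a randomized classifier by adding Gaussian
noise to its input; the change of the output distribution under an l2
perturbation is then bounded by a probability metric (total variation)
and used to certify that the majority class cannot be flipped.
All weights, inputs and budgets below are constructed sample values.
"""
import math
import random
from typing import Callable, List, Sequence

Vector = Sequence[float]


def phi(t: float) -> float:
    """Standard normal CDF."""
    return 0.5 * (1.0 + math.erf(t / math.sqrt(2.0)))


def l2(x: Vector, y: Vector) -> float:
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(x, y)))


def gaussian_tv(x: Vector, x_adv: Vector, sigma: float) -> float:
    """TV distance between N(x, sigma^2 I) and N(x_adv, sigma^2 I).

    Closed form (assumed standard fact): 2*Phi(||x - x_adv|| / (2 sigma)) - 1.
    By the data-processing inequality the output laws of h(x + noise) and
    h(x_adv + noise) are at most this far apart in TV for ANY deterministic
    h: this is the sense in which noise injection makes the randomized
    classifier locally Lipschitz in a probability metric.
    """
    return 2.0 * phi(l2(x, x_adv) / (2.0 * sigma)) - 1.0


def output_tv(p: Sequence[float], q: Sequence[float]) -> float:
    """TV distance between two discrete output distributions."""
    return 0.5 * sum(abs(a - b) for a, b in zip(p, q))


class RandomizedLinearClassifier:
    """Binary h(z) = [w.z + b > 0] with Gaussian input noise of scale sigma.

    Because h is linear, the law of h(x + sigma * N(0, I)) has a closed
    form, so the output distribution can be computed exactly.
    """

    def __init__(self, w: Vector, b: float, sigma: float) -> None:
        if sigma <= 0:
            raise ValueError("sigma must be positive")
        self.w, self.b, self.sigma = list(w), b, sigma
        self.w_norm = math.sqrt(sum(v * v for v in self.w))

    def base_classifier(self, z: Vector) -> int:
        """The deterministic classifier before noise injection."""
        return int(sum(wi * zi for wi, zi in zip(self.w, z)) + self.b > 0)

    def output_distribution(self, x: Vector) -> List[float]:
        """[P(class 0), P(class 1)] of the randomized classifier at x."""
        score = sum(wi * xi for wi, xi in zip(self.w, x)) + self.b
        p1 = phi(score / (self.sigma * self.w_norm))  # P(w.(x+noise)+b > 0)
        return [1.0 - p1, p1]

    def predict(self, x: Vector) -> int:
        """Majority class of the output distribution."""
        dist = self.output_distribution(x)
        return max(range(len(dist)), key=dist.__getitem__)


def monte_carlo_distribution(h: Callable[[Vector], int], x: Vector, sigma: float,
                             n_classes: int, n: int = 4000, seed: int = 0) -> List[float]:
    """Estimate the output law of h(x + sigma*N(0, I)) for an arbitrary h.

    This is how the randomized classifier is evaluated when no closed form
    exists (e.g. for a neural network); the linear case above lets us check
    the estimate against the exact value.
    """
    rng = random.Random(seed)
    counts = [0] * n_classes
    for _ in range(n):
        z = [xi + sigma * rng.gauss(0.0, 1.0) for xi in x]
        counts[h(z)] += 1
    return [c / n for c in counts]


def certify(clf: RandomizedLinearClassifier, x: Vector, eps: float) -> bool:
    """Sound check that the majority class at x survives every l2 perturbation
    of norm <= eps.

    Let p1 >= p2 be the two largest output probabilities at x and tau the TV
    bound at radius eps (TV grows with distance, so tau covers the whole
    ball). At any x' in the ball the top class keeps probability >= p1 - tau
    and the runner-up gets <= p2 + tau, so the vote is stable when
    p1 - p2 > 2 * tau.
    """
    p1, p2 = sorted(clf.output_distribution(x), reverse=True)[:2]
    tau = 2.0 * phi(eps / (2.0 * clf.sigma)) - 1.0
    return p1 - p2 > 2.0 * tau


if __name__ == "__main__":
    clf = RandomizedLinearClassifier(w=[1.0, 0.0], b=0.0, sigma=0.5)
    x, x_adv = [0.2, 0.0], [-0.3, 0.0]          # constructed: l2 shift of 0.5
    p, q = clf.output_distribution(x), clf.output_distribution(x_adv)
    print("vote at x:", clf.predict(x), "vote at x_adv:", clf.predict(x_adv))
    print("output TV %.4f <= input TV bound %.4f" % (output_tv(p, q), gaussian_tv(x, x_adv, 0.5)))
    print("certified at radius 0.5:", certify(clf, x, 0.5))
    print("certified at radius 0.25 for a confident point:", certify(clf, [1.5, 0.0], 0.25))
    print("Monte Carlo estimate at x:", monte_carlo_distribution(clf.base_classifier, x, 0.5, 2))
```

Two things are worth noticing when running it. For the point at distance 0.2 from the decision boundary, an ℓ2 shift of 0.5 flips the majority vote, and `certify` correctly refuses to certify it: the observed output TV (about 0.381) sits just under the input-space bound (about 0.383), so the bound is nearly tight here and the margin p1 − p2 is far too small. For a confident point the same bound certifies the vote at radius 0.25. The guarantee depends only on σ and the margin, never on the attacker's strategy, which is what makes this kind of certificate meaningful against adaptive attacks; a Monte Carlo evaluation of a non-linear base classifier has to account for sampling error on the margin as well, which this example does not do.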
