Adversarially Robust Generalization Requires More Data Ludwig - PowerPoint PPT Presentation

Adversarially Robust Generalization Requires More Data Ludwig Schmidt Shibani Santurkar Dimitris Tsipras Poster #31 Kunal Talwar Aleksander M ą dry

Adversarial Examples [Szegedy, Zaremba, Sutskever, Bruna, Erhan, Goodfellow, Fergus, 2013] [Biggio, Corona, Maiorca, Nelson, Srndic, Laskov, Giacinto, Roli, 2013]

Adversarial Examples [Szegedy, Zaremba, Sutskever, Bruna, Erhan, Goodfellow, Fergus, 2013] [Biggio, Corona, Maiorca, Nelson, Srndic, Laskov, Giacinto, Roli, 2013] What makes adversarial examples a hard problem? This paper: perspective on sample complexity

<latexit sha1_base64="TCezhzHnvwDoFMFoQ4EK/L9JVgU=">ADOHicdVJdaxNBFJ2sXzV+NVHXwaDkEosiQj6IpRapULVCqYt7CxhdnI3GTq7s8zcLQnD/jHfPBH+OZb8c32Fzi7CaVt6oWFs+eO/fOuRPnSlrs9X41ghs3b92+s3K3e/+g4erbVH+1YXRsBAaKXNYcwtKJnBACUqOMwN8DRWcBAfvavyB8dgrNTZN5zlEKV8nMlECo6eGrZClnKc6NyxXW7GUP/FsXtflkM37dIZVamtKYFV267LClTkGBIWZcyhCk6pa0tO0lnu716zVv5HiC0bDV7m306qDLoL8AbKIveFa4ycbaVGkKFQ3Nqw38sxctygFArKJis5Fwc8TGEHmY8BRu52oWSPvPMiCba+C9DWrMXKxPrZ2lsVdW17FXcxV5XS4sMHkTOZnlBUIm5o2SQlHUtLKUjqQBgWrmARdG+lmpmHDBXrjL3WpBrM5CH8TC5hymVM2KSUfkSupPhQTV7FW7oD6hj8WfwzFPBit3J0rulW8i2tRufiZflAoeF1zbn6QoP/q+eiyF3TvGw2Tb4tRj45C36koPhqM1zx/zDSWVW+jWNWbdCfvH9q2teBvsvN/oef3V3txaPIEV8oQ8JR3SJ6/Jtkhe2RABPlBTshfchp8D34HJ8GfuTRoLGoek0sRnP0DAYoHOQ=</latexit> <latexit sha1_base64="TCezhzHnvwDoFMFoQ4EK/L9JVgU=">ADOHicdVJdaxNBFJ2sXzV+NVHXwaDkEosiQj6IpRapULVCqYt7CxhdnI3GTq7s8zcLQnD/jHfPBH+OZb8c32Fzi7CaVt6oWFs+eO/fOuRPnSlrs9X41ghs3b92+s3K3e/+g4erbVH+1YXRsBAaKXNYcwtKJnBACUqOMwN8DRWcBAfvavyB8dgrNTZN5zlEKV8nMlECo6eGrZClnKc6NyxXW7GUP/FsXtflkM37dIZVamtKYFV267LClTkGBIWZcyhCk6pa0tO0lnu716zVv5HiC0bDV7m306qDLoL8AbKIveFa4ycbaVGkKFQ3Nqw38sxctygFArKJis5Fwc8TGEHmY8BRu52oWSPvPMiCba+C9DWrMXKxPrZ2lsVdW17FXcxV5XS4sMHkTOZnlBUIm5o2SQlHUtLKUjqQBgWrmARdG+lmpmHDBXrjL3WpBrM5CH8TC5hymVM2KSUfkSupPhQTV7FW7oD6hj8WfwzFPBit3J0rulW8i2tRufiZflAoeF1zbn6QoP/q+eiyF3TvGw2Tb4tRj45C36koPhqM1zx/zDSWVW+jWNWbdCfvH9q2teBvsvN/oef3V3txaPIEV8oQ8JR3SJ6/Jtkhe2RABPlBTshfchp8D34HJ8GfuTRoLGoek0sRnP0DAYoHOQ=</latexit> <latexit sha1_base64="TCezhzHnvwDoFMFoQ4EK/L9JVgU=">ADOHicdVJdaxNBFJ2sXzV+NVHXwaDkEosiQj6IpRapULVCqYt7CxhdnI3GTq7s8zcLQnD/jHfPBH+OZb8c32Fzi7CaVt6oWFs+eO/fOuRPnSlrs9X41ghs3b92+s3K3e/+g4erbVH+1YXRsBAaKXNYcwtKJnBACUqOMwN8DRWcBAfvavyB8dgrNTZN5zlEKV8nMlECo6eGrZClnKc6NyxXW7GUP/FsXtflkM37dIZVamtKYFV267LClTkGBIWZcyhCk6pa0tO0lnu716zVv5HiC0bDV7m306qDLoL8AbKIveFa4ycbaVGkKFQ3Nqw38sxctygFArKJis5Fwc8TGEHmY8BRu52oWSPvPMiCba+C9DWrMXKxPrZ2lsVdW17FXcxV5XS4sMHkTOZnlBUIm5o2SQlHUtLKUjqQBgWrmARdG+lmpmHDBXrjL3WpBrM5CH8TC5hymVM2KSUfkSupPhQTV7FW7oD6hj8WfwzFPBit3J0rulW8i2tRufiZflAoeF1zbn6QoP/q+eiyF3TvGw2Tb4tRj45C36koPhqM1zx/zDSWVW+jWNWbdCfvH9q2teBvsvN/oef3V3txaPIEV8oQ8JR3SJ6/Jtkhe2RABPlBTshfchp8D34HJ8GfuTRoLGoek0sRnP0DAYoHOQ=</latexit> <latexit sha1_base64="TCezhzHnvwDoFMFoQ4EK/L9JVgU=">ADOHicdVJdaxNBFJ2sXzV+NVHXwaDkEosiQj6IpRapULVCqYt7CxhdnI3GTq7s8zcLQnD/jHfPBH+OZb8c32Fzi7CaVt6oWFs+eO/fOuRPnSlrs9X41ghs3b92+s3K3e/+g4erbVH+1YXRsBAaKXNYcwtKJnBACUqOMwN8DRWcBAfvavyB8dgrNTZN5zlEKV8nMlECo6eGrZClnKc6NyxXW7GUP/FsXtflkM37dIZVamtKYFV267LClTkGBIWZcyhCk6pa0tO0lnu716zVv5HiC0bDV7m306qDLoL8AbKIveFa4ycbaVGkKFQ3Nqw38sxctygFArKJis5Fwc8TGEHmY8BRu52oWSPvPMiCba+C9DWrMXKxPrZ2lsVdW17FXcxV5XS4sMHkTOZnlBUIm5o2SQlHUtLKUjqQBgWrmARdG+lmpmHDBXrjL3WpBrM5CH8TC5hymVM2KSUfkSupPhQTV7FW7oD6hj8WfwzFPBit3J0rulW8i2tRufiZflAoeF1zbn6QoP/q+eiyF3TvGw2Tb4tRj45C36koPhqM1zx/zDSWVW+jWNWbdCfvH9q2teBvsvN/oef3V3txaPIEV8oQ8JR3SJ6/Jtkhe2RABPlBTshfchp8D34HJ8GfuTRoLGoek0sRnP0DAYoHOQ=</latexit> Standard vs Robust Generalization x,y ∼ D [ loss ( f ( x ) , y ) ] “Standard” Generalization: E