on the hardness of robust classification
play

On the Hardness of Robust Classification P. Gourdeau, V. Kanade, M. - PowerPoint PPT Presentation

Sep 05, 2022 •26 likes •956 views

On the Hardness of Robust Classification P. Gourdeau, V. Kanade, M. Kwiatkowska and J. Worrell University of Oxford Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 1 / 22 Overview A computational and

  1. On the Hardness of Robust Classification P. Gourdeau, V. Kanade, M. Kwiatkowska and J. Worrell University of Oxford Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 1 / 22

  2. Overview A computational and information-theoretic study of the hardness of robust learning. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  3. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  4. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. E.g.: distinguishing between handwritten 0’s and 1’s: Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  5. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. E.g.: distinguishing between handwritten 0’s and 1’s: { ((0 , 1 , . . . , 1) , 0) , ((1 , 1 , . . . , 1) , 1) , . . . , ((0 , 1 , . . . , 0) , 0) } Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  6. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. E.g.: distinguishing between handwritten 0’s and 1’s: { ((0 , 1 , . . . , 1) , 0) , ((1 , 1 , . . . , 1) , 1) , . . . , ((0 , 1 , . . . , 0) , 0) } Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  7. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. E.g.: distinguishing between handwritten 0’s and 1’s: { ((0 , 1 , . . . , 1) , 0) , ((1 , 1 , . . . , 1) , 1) , . . . , ((0 , 1 , . . . , 0) , 0) } Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  8. Overview Today’s talk: A comparison of different notions of robust risk , Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 3 / 22

  9. Overview Today’s talk: A comparison of different notions of robust risk , A result on the impossibility of sample-efficient distribution-free robust learning, Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 3 / 22

  10. Overview Today’s talk: A comparison of different notions of robust risk , A result on the impossibility of sample-efficient distribution-free robust learning, Robustness thresholds to robustly learn monotone conjunctions under log-Lipschitz distributions, Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 3 / 22

  11. Overview Today’s talk: A comparison of different notions of robust risk , A result on the impossibility of sample-efficient distribution-free robust learning, Robustness thresholds to robustly learn monotone conjunctions under log-Lipschitz distributions, A simple proof of the computational hardness of robust learning. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 3 / 22

  12. Machine Learning Classification Tasks Big picture: Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  13. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  14. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution labelled from some concept. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  15. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution labelled from some concept. We focus on the realizable setting , Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  16. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution labelled from some concept. We focus on the realizable setting , as opposed to the agnostic setting . Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  17. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution labelled from some concept. We focus on the realizable setting , as opposed to the agnostic setting . Learning algorithm A with sample complexity m : when given a sample S of size ≥ m , A outputs a hypothesis that has low error w.h.p. over S . Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  18. Robust Classification Tasks Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  19. Robust Classification Tasks Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  20. Robust Classification Tasks Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  21. Robust Classification Tasks Goal: learn a function that will be robust (with high probability) against an adversary who can perturb the test data. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  22. Robust Classification Tasks Goal: learn a function that will be robust (with high probability) against an adversary who can perturb the test data. Question: How do we define a misclassification? Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  23. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  24. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  25. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  26. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  27. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  28. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  29. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  30. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  31. Robust Risk Definitions c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 7 / 22

  32. Robust Risk Definitions c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Robust risks: Constant-in-the-ball: probability that an adversary can perturb a point x drawn from D to z with budget ρ , so that c on x and h on z differ: R C ρ ( h , c ) = P x ∼ D ( ∃ z ∈ B ρ ( x ) . c ( x ) � = h ( z )) . Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 7 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

IIT-H and RIKEN-AIP Joint Workshop on March 15, 2019 Machine Learning and Applications, Hyderabad, India Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust Learning --- Overview of Our Recent

1.06k views • 25 slides
Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness ASTM D2583 Fiberglass Aluminum Aluminum Alloys Soft Metals Plastics Scratch Hardness- (IS 101 - Part 5/Sec 2) BS 3900 Hardness can

1.89k views • 30 slides
Object detection & classification for ADAS Robust for Bad situations Small object sizes

Object detection & classification for ADAS Robust for Bad situations Small object sizes

Object detection & classification for ADAS Robust for Bad situations Small object sizes Robust for occlusion Small model size SVNet @ NVIDIA TX2 Please click Icon for Video 5/19/2017 2 Robust detection for various

123 views • 11 slides
, , Weakly Supervised Classification Robust Learning and More: Robust Learning and More:

, , Weakly Supervised Classification Robust Learning and More: Robust Learning and More:

The Second Korea-Japan Machine Learning Workshop, Jeju, Korea Feb. 23, 2019 , , Weakly Supervised Classification Robust Learning and More: Robust Learning and More: Overview of Our Recent Advances Overview of Our Recent Advances Masashi

484 views • 29 slides
P and NP Tools for classifying problems according to relative hardness Inge Li Grtz Thank

P and NP Tools for classifying problems according to relative hardness Inge Li Grtz Thank

Overview Problem classification Tractable Intractable Reductions P and NP Tools for classifying problems according to relative hardness Inge Li Grtz Thank you to Kevin Wayne, Philip Bille and Paul Fischer for inspiration to

359 views • 14 slides
Calibrated Surrogate Losses for Adversarially Robust Classification 1 The University of Tokyo

Calibrated Surrogate Losses for Adversarially Robust Classification 1 The University of Tokyo

Calibrated Surrogate Losses for Adversarially Robust Classification 1 The University of Tokyo 2 RIKEN AIP 3 University of Michigan Jul. 9 th - 12 th @ COLT 2020 Han Bao 1,2 Clayton Scott 3 Masashi Sugiyama 2,1 Adversarial Attacks 2

514 views • 16 slides
Random Subwindows for Robust Image Classification Rapha el Mar ee, Pierre Geurts, Justus

Random Subwindows for Robust Image Classification Rapha el Mar ee, Pierre Geurts, Justus

Introduction Our Approach Experiments Conclusions Random Subwindows for Robust Image Classification Rapha el Mar ee, Pierre Geurts, Justus Piater, Louis Wehenkel Institut Montefiore, University of Li` ege, Belgium CVPR05, 22th June

423 views • 29 slides
Convolutional Prototype Ensemble Robust Stream Classification & Novel Class Detection Zhuoyi

Convolutional Prototype Ensemble Robust Stream Classification & Novel Class Detection Zhuoyi

UT DALLAS Erik Jonsson School of Engineering & ComputerScience Convolutional Prototype Ensemble Robust Stream Classification & Novel Class Detection Zhuoyi Wang * , Hemeng T ao * , Swarup Changra * , Latifur Khan * * The University of T

426 views • 26 slides
Supporting Robust Decisions with Classification and Data-Mining Algorithms Benjamin Bryant

Supporting Robust Decisions with Classification and Data-Mining Algorithms Benjamin Bryant

Supporting Robust Decisions with Classification and Data-Mining Algorithms Benjamin Bryant Advisor: Robert Lempert Thanks to: Evolving Logic, Inc, RAND Pardee Center, National Science Foundation useR! 2009 8 July Outline Policy analysis,

419 views • 16 slides
Robust pixel-based classification of obstacles for robotic harvesting of sweet-pepper Wouter Bac,

Robust pixel-based classification of obstacles for robotic harvesting of sweet-pepper Wouter Bac,

Robust pixel-based classification of obstacles for robotic harvesting of sweet-pepper Wouter Bac, Jochen Hemming, Eldert van Henten Wageningen University and Research Centre, The Netherlands Business Unit Greenhouse Horticulture & Farm

387 views • 36 slides
Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical Comments Optimization Problems More Complexity Classes 1 Tautology Problem & NP-Hardness & co-NP 2 NP-Hardness Another

559 views • 23 slides
Optimal Statistical Guarantees for Adversarially Robust Gaussian Classification Chen Dan, Yuting

Optimal Statistical Guarantees for Adversarially Robust Gaussian Classification Chen Dan, Yuting

Optimal Statistical Guarantees for Adversarially Robust Gaussian Classification Chen Dan, Yuting Wei, Pradeep Ravikumar ICML 2020 Computer Science Department, Statistics Department, Machine Learning Department Carnegie Mellon University

403 views • 16 slides
Constrained Mixture Estimation for Constrained Mixture Estimation Analysis and Robust

Constrained Mixture Estimation for Constrained Mixture Estimation Analysis and Robust

Constrained Mixture Estimation for Constrained Mixture Estimation Analysis and Robust Classification of for Analysis and Robust Classification Clinical Time Series of Clinical Time Series Alexander Schnhuth (joint work with Ivan Costa,

615 views • 35 slides
Robust and On-the-fly Data Denoising For Image Classification Jia ming Song, Yann Dauphin, Michael

Robust and On-the-fly Data Denoising For Image Classification Jia ming Song, Yann Dauphin, Michael

Robust and On-the-fly Data Denoising For Image Classification Jia ming Song, Yann Dauphin, Michael Auli, Tengyu Ma Automatically finds leopards in CIFAR100 training set! Supervised learning in deep learning Train and test set from same

547 views • 25 slides
Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP Next best thing: define hardest problem in NP A problem P is NP -hard if Every problem Q in NP can be solved in this way: 1. given an instance

609 views • 14 slides
Class Weighted Classification: Trade-offs and Robust Approaches Ziyu Xu (Neil), Chen Dan, Justin

Class Weighted Classification: Trade-offs and Robust Approaches Ziyu Xu (Neil), Chen Dan, Justin

Class Weighted Classification: Trade-offs and Robust Approaches Ziyu Xu (Neil), Chen Dan, Justin Khim, Pradeep Ravikumar Machine Learning Department, Computer Science Department Carnegie Mellon University ICML 2020 (July 12th, 2020) Problem

548 views • 44 slides
Candidate 101 Session Rosemary Hagiwara, Chief Election Officer July 2018 Agenda 1. Welcome

Candidate 101 Session Rosemary Hagiwara, Chief Election Officer July 2018 Agenda 1. Welcome

2018 Election Candidate 101 Session Rosemary Hagiwara, Chief Election Officer July 2018 Agenda 1. Welcome 2. Municipal overview 3. 2018 election process 4. Q&A Municipal overview AN ELECTED OFFICIAL . . . Contributes to the

356 views • 32 slides
Annual General Meeting 11 April 2017 PRIVATE & CONFIDENTIAL. NOT FOR EXTERNAL CIRCULATION. CO.

Annual General Meeting 11 April 2017 PRIVATE & CONFIDENTIAL. NOT FOR EXTERNAL CIRCULATION. CO.

Annual General Meeting 11 April 2017 PRIVATE & CONFIDENTIAL. NOT FOR EXTERNAL CIRCULATION. CO. REG. NO. R200007899C 1 PRIVATE & CONFIDENTIAL. NOT FOR EXTERNAL CIRCULATION. CO. REG. NO. R200007899C Disclaimer This presentation should be

482 views • 24 slides
EMBRACING INNOVATION EMBRACING INNOVATION HOW DO WE UNDERSTAND, ACCEPT, PREPARE FOR AND EMBRACE

EMBRACING INNOVATION EMBRACING INNOVATION HOW DO WE UNDERSTAND, ACCEPT, PREPARE FOR AND EMBRACE

EMBRACING INNOVATION EMBRACING INNOVATION HOW DO WE UNDERSTAND, ACCEPT, PREPARE FOR AND EMBRACE - INNOVATION Wealth-management services require "educated, credentialed, experienced advisors ,,,,,,, I don't see their "Neither RedBox

393 views • 12 slides
Contract R16STEMA The Robo Sapiens Arpita Abrol and Thivya Srikumar

Contract R16STEMA The Robo Sapiens Arpita Abrol and Thivya Srikumar

Contract R16STEMA The Robo Sapiens Arpita Abrol and Thivya Srikumar http://thingiverse-production- http://cdn.instructables.com/FBC/E41A/ICE1SW new.s3.amazonaws.com/renders/00/8b/3c/1a/d7/20140416_004715_preview_fea

110 views • 9 slides
Advancing a Robust & Equitable Response to COVID-19 HIGHLIGHT OF THE BUDGET & TAX

Advancing a Robust & Equitable Response to COVID-19 HIGHLIGHT OF THE BUDGET & TAX

Advancing a Robust & Equitable Response to COVID-19 HIGHLIGHT OF THE BUDGET & TAX CENTERS WORK Overview of our format All participants are on mute by default. We are recording the presentation and will share it will all

729 views • 25 slides
Robust Extraction of Spatial Correlation Jinjun Xiong, Vladimir Zolotov*, Lei He EE, University

Robust Extraction of Spatial Correlation Jinjun Xiong, Vladimir Zolotov*, Lei He EE, University

Robust Extraction of Spatial Correlation Jinjun Xiong, Vladimir Zolotov*, Lei He EE, University of California, Los Angeles EE, University of California, Los Angeles IBM T.J. Watson Research Center, Yorktown Heights* IBM T.J. Watson Research

440 views • 28 slides
BUI UILDI DING NG A ROB OBUST ON ONLINE LEARNI ARNING NG S STRUCTURE ON RE ON THE OL

BUI UILDI DING NG A ROB OBUST ON ONLINE LEARNI ARNING NG S STRUCTURE ON RE ON THE OL

BUI UILDI DING NG A ROB OBUST ON ONLINE LEARNI ARNING NG S STRUCTURE ON RE ON THE OL OLC P PILLAR ARS OF OF QUAL ALITY BY HAP AZIZ, ED.D. TWITTER: @DIGITALHAP CONTACT: HAPAZIZ@GMAIL.COM BLOG: HTTP://HAPAZIZ.WORDPRESS.COM Session

1.04k views • 17 slides
Robust Diffusion Recursive Least Squares Estimation with Side Information for Networked Agents Yi

Robust Diffusion Recursive Least Squares Estimation with Side Information for Networked Agents Yi

Robust Diffusion Recursive Least Squares Estimation with Side Information for Networked Agents Yi Yu, Haiquan Zhao, Rodrigo C. de Lamare, and Yuriy Zakharov April 20, 2018 School of Electrical Engineering, Southwest Jiaotong University, China

837 views • 28 slides

More recommend