on the hardness of robust classification
play

On the Hardness of Robust Classification P. Gourdeau, V. Kanade, M. - PowerPoint PPT Presentation

Sep 05, 2022 •26 likes •956 views

On the Hardness of Robust Classification P. Gourdeau, V. Kanade, M. Kwiatkowska and J. Worrell University of Oxford Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 1 / 22 Overview A computational and

  1. On the Hardness of Robust Classification P. Gourdeau, V. Kanade, M. Kwiatkowska and J. Worrell University of Oxford Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 1 / 22

  2. Overview A computational and information-theoretic study of the hardness of robust learning. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  3. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  4. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. E.g.: distinguishing between handwritten 0’s and 1’s: Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  5. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. E.g.: distinguishing between handwritten 0’s and 1’s: { ((0 , 1 , . . . , 1) , 0) , ((1 , 1 , . . . , 1) , 1) , . . . , ((0 , 1 , . . . , 0) , 0) } Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  6. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. E.g.: distinguishing between handwritten 0’s and 1’s: { ((0 , 1 , . . . , 1) , 0) , ((1 , 1 , . . . , 1) , 1) , . . . , ((0 , 1 , . . . , 0) , 0) } Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  7. Overview A computational and information-theoretic study of the hardness of robust learning. Setting: Binary classification tasks on input space X = { 0 , 1 } n in the presence of an adversary. E.g.: distinguishing between handwritten 0’s and 1’s: { ((0 , 1 , . . . , 1) , 0) , ((1 , 1 , . . . , 1) , 1) , . . . , ((0 , 1 , . . . , 0) , 0) } Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 2 / 22

  8. Overview Today’s talk: A comparison of different notions of robust risk , Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 3 / 22

  9. Overview Today’s talk: A comparison of different notions of robust risk , A result on the impossibility of sample-efficient distribution-free robust learning, Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 3 / 22

  10. Overview Today’s talk: A comparison of different notions of robust risk , A result on the impossibility of sample-efficient distribution-free robust learning, Robustness thresholds to robustly learn monotone conjunctions under log-Lipschitz distributions, Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 3 / 22

  11. Overview Today’s talk: A comparison of different notions of robust risk , A result on the impossibility of sample-efficient distribution-free robust learning, Robustness thresholds to robustly learn monotone conjunctions under log-Lipschitz distributions, A simple proof of the computational hardness of robust learning. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 3 / 22

  12. Machine Learning Classification Tasks Big picture: Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  13. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  14. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution labelled from some concept. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  15. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution labelled from some concept. We focus on the realizable setting , Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  16. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution labelled from some concept. We focus on the realizable setting , as opposed to the agnostic setting . Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  17. Machine Learning Classification Tasks Big picture: Data i.i.d. from unknown distribution labelled from some concept. We focus on the realizable setting , as opposed to the agnostic setting . Learning algorithm A with sample complexity m : when given a sample S of size ≥ m , A outputs a hypothesis that has low error w.h.p. over S . Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 4 / 22

  18. Robust Classification Tasks Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  19. Robust Classification Tasks Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  20. Robust Classification Tasks Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  21. Robust Classification Tasks Goal: learn a function that will be robust (with high probability) against an adversary who can perturb the test data. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  22. Robust Classification Tasks Goal: learn a function that will be robust (with high probability) against an adversary who can perturb the test data. Question: How do we define a misclassification? Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 5 / 22

  23. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  24. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  25. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  26. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  27. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  28. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  29. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  30. Adversarial Examples General idea: An adversarial example is constructed from a natural example drawn from a distribution D by adding a perturbation. c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 6 / 22

  31. Robust Risk Definitions c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 7 / 22

  32. Robust Risk Definitions c : target concept h : hypothesis ρ : robustness parameter (adversary’s perturbation budget) Robust risks: Constant-in-the-ball: probability that an adversary can perturb a point x drawn from D to z with budget ρ , so that c on x and h on z differ: R C ρ ( h , c ) = P x ∼ D ( ∃ z ∈ B ρ ( x ) . c ( x ) � = h ( z )) . Pascale Gourdeau (University of Oxford) On the Hardness of Robust Classification 7 / 22

Recommend

Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

IIT-H and RIKEN-AIP Joint Workshop on March 15, 2019 Machine Learning and Applications, Hyderabad, India Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust Learning --- Overview of Our Recent

1.06k views • 25 slides
Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness ASTM D2583 Fiberglass Aluminum Aluminum Alloys Soft Metals Plastics Scratch Hardness- (IS 101 - Part 5/Sec 2) BS 3900 Hardness can

1.89k views • 30 slides
Object detection & classification for ADAS Robust for Bad situations Small object sizes

Object detection & classification for ADAS Robust for Bad situations Small object sizes

Object detection & classification for ADAS Robust for Bad situations Small object sizes Robust for occlusion Small model size SVNet @ NVIDIA TX2 Please click Icon for Video 5/19/2017 2 Robust detection for various

123 views • 11 slides
, , Weakly Supervised Classification Robust Learning and More: Robust Learning and More:

, , Weakly Supervised Classification Robust Learning and More: Robust Learning and More:

The Second Korea-Japan Machine Learning Workshop, Jeju, Korea Feb. 23, 2019 , , Weakly Supervised Classification Robust Learning and More: Robust Learning and More: Overview of Our Recent Advances Overview of Our Recent Advances Masashi

484 views • 29 slides
P and NP Tools for classifying problems according to relative hardness Inge Li Grtz Thank

P and NP Tools for classifying problems according to relative hardness Inge Li Grtz Thank

Overview Problem classification Tractable Intractable Reductions P and NP Tools for classifying problems according to relative hardness Inge Li Grtz Thank you to Kevin Wayne, Philip Bille and Paul Fischer for inspiration to

359 views • 14 slides
Calibrated Surrogate Losses for Adversarially Robust Classification 1 The University of Tokyo

Calibrated Surrogate Losses for Adversarially Robust Classification 1 The University of Tokyo

Calibrated Surrogate Losses for Adversarially Robust Classification 1 The University of Tokyo 2 RIKEN AIP 3 University of Michigan Jul. 9 th - 12 th @ COLT 2020 Han Bao 1,2 Clayton Scott 3 Masashi Sugiyama 2,1 Adversarial Attacks 2

514 views • 16 slides
Random Subwindows for Robust Image Classification Rapha el Mar ee, Pierre Geurts, Justus

Random Subwindows for Robust Image Classification Rapha el Mar ee, Pierre Geurts, Justus

Introduction Our Approach Experiments Conclusions Random Subwindows for Robust Image Classification Rapha el Mar ee, Pierre Geurts, Justus Piater, Louis Wehenkel Institut Montefiore, University of Li` ege, Belgium CVPR05, 22th June

423 views • 29 slides
Convolutional Prototype Ensemble Robust Stream Classification & Novel Class Detection Zhuoyi

Convolutional Prototype Ensemble Robust Stream Classification & Novel Class Detection Zhuoyi

UT DALLAS Erik Jonsson School of Engineering & ComputerScience Convolutional Prototype Ensemble Robust Stream Classification & Novel Class Detection Zhuoyi Wang * , Hemeng T ao * , Swarup Changra * , Latifur Khan * * The University of T

426 views • 26 slides
Supporting Robust Decisions with Classification and Data-Mining Algorithms Benjamin Bryant

Supporting Robust Decisions with Classification and Data-Mining Algorithms Benjamin Bryant

Supporting Robust Decisions with Classification and Data-Mining Algorithms Benjamin Bryant Advisor: Robert Lempert Thanks to: Evolving Logic, Inc, RAND Pardee Center, National Science Foundation useR! 2009 8 July Outline Policy analysis,

419 views • 16 slides
Robust pixel-based classification of obstacles for robotic harvesting of sweet-pepper Wouter Bac,

Robust pixel-based classification of obstacles for robotic harvesting of sweet-pepper Wouter Bac,

Robust pixel-based classification of obstacles for robotic harvesting of sweet-pepper Wouter Bac, Jochen Hemming, Eldert van Henten Wageningen University and Research Centre, The Netherlands Business Unit Greenhouse Horticulture & Farm

387 views • 36 slides
Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical Comments Optimization Problems More Complexity Classes 1 Tautology Problem & NP-Hardness & co-NP 2 NP-Hardness Another

559 views • 23 slides
Optimal Statistical Guarantees for Adversarially Robust Gaussian Classification Chen Dan, Yuting

Optimal Statistical Guarantees for Adversarially Robust Gaussian Classification Chen Dan, Yuting

Optimal Statistical Guarantees for Adversarially Robust Gaussian Classification Chen Dan, Yuting Wei, Pradeep Ravikumar ICML 2020 Computer Science Department, Statistics Department, Machine Learning Department Carnegie Mellon University

403 views • 16 slides
Constrained Mixture Estimation for Constrained Mixture Estimation Analysis and Robust

Constrained Mixture Estimation for Constrained Mixture Estimation Analysis and Robust

Constrained Mixture Estimation for Constrained Mixture Estimation Analysis and Robust Classification of for Analysis and Robust Classification Clinical Time Series of Clinical Time Series Alexander Schnhuth (joint work with Ivan Costa,

615 views • 35 slides
Robust and On-the-fly Data Denoising For Image Classification Jia ming Song, Yann Dauphin, Michael

Robust and On-the-fly Data Denoising For Image Classification Jia ming Song, Yann Dauphin, Michael

Robust and On-the-fly Data Denoising For Image Classification Jia ming Song, Yann Dauphin, Michael Auli, Tengyu Ma Automatically finds leopards in CIFAR100 training set! Supervised learning in deep learning Train and test set from same

547 views • 25 slides
Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP Next best thing: define hardest problem in NP A problem P is NP -hard if Every problem Q in NP can be solved in this way: 1. given an instance

609 views • 14 slides
Class Weighted Classification: Trade-offs and Robust Approaches Ziyu Xu (Neil), Chen Dan, Justin

Class Weighted Classification: Trade-offs and Robust Approaches Ziyu Xu (Neil), Chen Dan, Justin

Class Weighted Classification: Trade-offs and Robust Approaches Ziyu Xu (Neil), Chen Dan, Justin Khim, Pradeep Ravikumar Machine Learning Department, Computer Science Department Carnegie Mellon University ICML 2020 (July 12th, 2020) Problem

548 views • 44 slides
G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen,

G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen,

G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen, Switzerland 2) Northeastern University, Boston, USA * ) on leave from INR(Moscow) LIGHT 07, September 26, 2007, Ringberg Castle G-APD radiation hardness

375 views • 23 slides
From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems

From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems

From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems Kevin Leyton Brown Computer Science Department University of British Columbia CATS Empirical Hardness Models EHMs for SAT SATzilla Intro

1.15k views • 75 slides
Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay

Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay

Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay Cohen Noah Smith Carnegie Mellon University July 14, 2010 Outline Hardness results for unsupervised learning of PCFGs Background and problem

602 views • 46 slides
Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit Laekhanukit McGill University 1 This Talk Investigate the connection between 2-Prover-1-Round Game (2P1R) and Hardness of Approximating

540 views • 43 slides
Robust hypothesis test using Wasserstein uncertainty sets Yao Xie Georgia Institute of

Robust hypothesis test using Wasserstein uncertainty sets Yao Xie Georgia Institute of

Robust hypothesis test using Wasserstein uncertainty sets Yao Xie Georgia Institute of Technology Joint work with Rui Gao, Liyan Xie, Huan Xu Cl Classification on with Anomaly detection: Health care: many unba unbalance nced da d

515 views • 7 slides
NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs . . . Usual Proofs of NP- . . . Proofs of NP- . . . Pedagogical Problem . . . NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers Instead What Is NP-Hard: . . . Proof that . . . of

296 views • 12 slides
Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using Graphs Graph classification Direct Product Kernel Predictive Toxicology example dataset Vertex classification Laplacian Kernel

605 views • 33 slides
Unified characterisations of resolution hardness measures Olaf Beyersdorff 1 Oliver Kullmann 2 1

Unified characterisations of resolution hardness measures Olaf Beyersdorff 1 Oliver Kullmann 2 1

Unified characterisations of resolution hardness measures Olaf Beyersdorff 1 Oliver Kullmann 2 1 School of Computing, University of Leeds, UK 2 Computer Science Department, Swansea University, UK 1 Hardness measures for resolution Historically

659 views • 23 slides

More recommend