Theoretical Analysis of Adversarial Learning: A Minimax Approach
This provides a theoretical foundation for adversarial robustness in machine learning, though it appears incremental as it builds on existing minimax frameworks.
The authors tackled the problem of analyzing risk bounds in adversarial learning by framing it as a minimax statistical learning problem using transport maps, and proved a new risk bound in terms of covering numbers under weak Lipschitz conditions, with applications to SVMs, deep neural networks, and PCA.
Here we propose a general theoretical method for analyzing the risk bound in the presence of adversaries. Specifically, we try to fit the adversarial learning problem into the minimax framework. We first show that the original adversarial learning problem can be reduced to a minimax statistical learning problem by introducing a transport map between distributions. Then, we prove a new risk bound for this minimax problem in terms of covering numbers under a weak version of Lipschitz condition. Our method can be applied to multi-class classification problems and commonly used loss functions such as the hinge and ramp losses. As some illustrative examples, we derive the adversarial risk bounds for SVMs, deep neural networks, and PCA, and our bounds have two data-dependent terms, which can be optimized for achieving adversarial robustness.