A Spectral View of Adversarially Robust Features
This addresses the challenge of adversarial robustness in machine learning, offering a novel approach to feature development, though it appears incremental as it builds on existing robustness concerns.
The paper tackles the problem of learning adversarially robust features by connecting them to spectral properties of dataset geometry, providing robust features and a lower bound on robustness, with empirical evidence showing these features can be used to learn robust and accurate models.
Given the apparent difficulty of learning models that are robust to adversarial perturbations, we propose tackling the simpler problem of developing adversarially robust features. Specifically, given a dataset and metric of interest, the goal is to return a function (or multiple functions) that 1) is robust to adversarial perturbations, and 2) has significant variation across the datapoints. We establish strong connections between adversarially robust features and a natural spectral property of the geometry of the dataset and metric of interest. This connection can be leveraged to provide both robust features, and a lower bound on the robustness of any function that has significant variance across the dataset. Finally, we provide empirical evidence that the adversarially robust features given by this spectral approach can be fruitfully leveraged to learn a robust (and accurate) model.