Reducing Adversarially Robust Learning to Non-Robust PAC Learning
This addresses the challenge of robust learning in adversarial settings for machine learning practitioners, offering a theoretical reduction that is not incremental but foundational in nature.
The paper tackles the problem of learning adversarially robust predictors by reducing it to standard PAC learning using a black-box non-robust learner, achieving a reduction with a logarithmic dependence on the number of adversarial perturbations per example and providing a matching lower bound.
We study the problem of reducing adversarially robust learning to standard PAC learning, i.e. the complexity of learning adversarially robust predictors using access to only a black-box non-robust learner. We give a reduction that can robustly learn any hypothesis class $\mathcal{C}$ using any non-robust learner $\mathcal{A}$ for $\mathcal{C}$. The number of calls to $\mathcal{A}$ depends logarithmically on the number of allowed adversarial perturbations per example, and we give a lower bound showing this is unavoidable.