LG · Dec 14, 2020

Achieving Adversarial Robustness Requires An Active Teacher

arXiv:2012.07233v1
AI Analysis

This work offers a new theoretical perspective on adversarial robustness for researchers working on secure machine learning, suggesting a fundamental limitation of current passive learning paradigms.

This paper proposes a new framework for understanding adversarial examples and robustness by decoupling the data generator from the label generator (the teacher). It claims that adversarial examples arise because the training data gives the student insufficient information about the teacher, and suggests that a teacher that actively provides its information to the student may be necessary to attain robustness efficiently.

A new understanding of adversarial examples and adversarial robustness is proposed by decoupling the data generator and the label generator (which we call the teacher). In our framework, adversarial robustness is a conditional concept---the student model is not absolutely robust, but robust with respect to the teacher. Based on the new understanding, we claim that adversarial examples exist because the student cannot obtain sufficient information of the teacher from the training data. Various ways of achieving robustness are compared. Theoretical and numerical evidence shows that to efficiently attain robustness, a teacher that actively provides its information to the student may be necessary.
