A Characterization of Semi-Supervised Adversarially-Robust PAC Learnability
This addresses the challenge of reducing labeled data requirements for robust machine learning against test-time attacks, establishing a gap between supervised and semi-supervised approaches that does not exist in non-robust learning.
The paper tackles the problem of learning adversarially robust predictors in a semi-supervised setting, showing that with sufficient unlabeled data, the labeled sample complexity can be arbitrarily smaller than in supervised methods, as proven by nearly matching upper and lower bounds.
We study the problem of learning an adversarially robust predictor to test time attacks in the semi-supervised PAC model. We address the question of how many labeled and unlabeled examples are required to ensure learning. We show that having enough unlabeled data (the size of a labeled sample that a fully-supervised method would require), the labeled sample complexity can be arbitrarily smaller compared to previous works, and is sharply characterized by a different complexity measure. We prove nearly matching upper and lower bounds on this sample complexity. This shows that there is a significant benefit in semi-supervised robust learning even in the worst-case distribution-free model, and establishes a gap between the supervised and semi-supervised label complexities which is known not to hold in standard non-robust PAC learning.