LGML, Apr 17, 2025

Adversarial Resilience against Clean-Label Attacks in Realizable and Noisy Settings

arXiv:2504.13966v11 citations
Originality: Incremental advance
AI Analysis

This work addresses adversarial resilience in machine learning for scenarios with clean-label attacks, offering incremental theoretical improvements over existing methods.

The paper tackles the problem of learning from data streams with unknown clean-label adversarial samples, extending prior work to provide theoretical guarantees for both realizable and noisy agnostic settings, specifically analyzing a disagreement-based learner for thresholds.

We investigate the challenge of establishing stochastic-like guarantees when sequentially learning from a stream of i.i.d. data that includes an unknown quantity of clean-label adversarial samples. We permit the learner to abstain from making predictions when uncertain. The regret of the learner is measured in terms of misclassification and abstention error, where we allow the learner to abstain for free on adversarially injected samples. This approach is based on the work of Goel, Hanneke, Moran, and Shetty from arXiv:2306.13119. We explore the methods they present and manage to correct inaccuracies in their argumentation. However, this approach is limited to the realizable setting, where labels are assigned according to some function $f^*$ from the hypothesis space $\mathcal{F}$. Based on similar arguments, we explore methods to make adaptations for the agnostic setting where labels are random. Introducing the notion of a clean-label adversary in the agnostic context, we are the first to give a theoretical analysis of a disagreement-based learner for thresholds, subject to a clean-label adversary with noise.
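To make the setup in the abstract concrete, here is an added illustration (not code from the paper or from Goel et al.) of a disagreement-based learner for thresholds on [0, 1] that abstains inside the disagreement region of its version space. The target concept $f^*(x) = \mathbb{1}[x \ge t]$, the uniform clean distribution, the constructed adversary (which injects correctly labelled points at the midpoint of the current disagreement region) and the hand-built noisy stream are all assumptions of this example. The first run shows that in the realizable case clean-label injections can force abstentions, which are free, but never a misclassification on clean points; the second run shows why the same argument fails once labels are noisy: a single flipped label evicts $t$ from the version space and the learner then commits to a wrong prediction.

```python
import random

ABSTAIN = None  # sentinel: the learner declines to predict on this point


class DisagreementThresholdLearner:
    """Disagreement-based learner for thresholds on [0, 1].

    Hypotheses are f_t(x) = 1[x >= t]. The version space is the set of t
    consistent with every label seen so far: all observed negatives lie at or
    below `lo` and all observed positives at or above `hi`, so lo < t <= hi.
    Inside (lo, hi) consistent hypotheses disagree, so the learner abstains.
    """

    def __init__(self):
        self.lo = 0.0  # largest x labelled 0 so far
        self.hi = 1.0  # smallest x labelled 1 so far

    def predict(self, x):
        if x <= self.lo:
            return 0
        if x >= self.hi:
            return 1
        return ABSTAIN  # x lies in the disagreement region

    def update(self, x, y):
        if y == 1:
            self.hi = min(self.hi, x)
        else:
            self.lo = max(self.lo, x)

    def version_space_empty(self):
        # Only reachable under label noise: no threshold is consistent any more.
        return self.lo >= self.hi


def run_realizable(t=0.37, n_clean=200, inject_every=10, seed=1):
    """Constructed realizable stream with clean-label injections (assumption).

    Clean points are i.i.d. uniform on [0, 1], labelled by f*(x) = 1[x >= t].
    Before every `inject_every`-th clean point a constructed adversary injects
    a correctly labelled point at the midpoint of the current disagreement
    region, the one place where the learner is forced to abstain. Returns the
    regret components: mistakes and abstentions on clean points (charged to
    the learner) and abstentions on injected points (free).
    """
    rng = random.Random(seed)
    learner = DisagreementThresholdLearner()
    stats = {"mistakes_clean": 0, "abstain_clean": 0, "abstain_adv": 0, "injected": 0}
    for step in range(n_clean):
        if step % inject_every == 0:
            x = (learner.lo + learner.hi) / 2  # strictly inside (lo, hi)
            y = 1 if x >= t else 0             # clean label w.r.t. f*
            stats["injected"] += 1
            if learner.predict(x) is ABSTAIN:
                stats["abstain_adv"] += 1
            learner.update(x, y)
        x = rng.random()
        y = 1 if x >= t else 0
        pred = learner.predict(x)
        if pred is ABSTAIN:
            stats["abstain_clean"] += 1
        elif pred != y:
            stats["mistakes_clean"] += 1
        learner.update(x, y)
    return stats


def run_noisy_demo():
    """Hand-constructed agnostic stream (assumption) with f* = 1[x >= 0.5].

    The third label is noise: x=0.6 is labelled 0 although f*(0.6) = 1. That
    pushes the version space to (0.6, 0.7], which no longer contains 0.5, so
    the learner confidently predicts 0 on the correctly labelled point x=0.55
    and is charged a mistake; the final update then empties the version space.
    """
    stream = [(0.3, 0), (0.7, 1), (0.6, 0), (0.55, 1)]  # (x, label); third is flipped
    learner = DisagreementThresholdLearner()
    mistakes = 0
    for x, y in stream:
        pred = learner.predict(x)
        if pred is not ABSTAIN and pred != y:
            mistakes += 1
        learner.update(x, y)
    return mistakes, (learner.lo, learner.hi), learner.version_space_empty()


if __name__ == "__main__":
    print("realizable:", run_realizable())
    print("noisy:", run_noisy_demo())
```

In the realizable run every injected point lands in the disagreement region, so `abstain_adv` equals `injected` and `mistakes_clean` stays at zero no matter how the injections are timed; only `abstain_clean` varies with the sample. The noisy run returns one charged mistake and a final interval `(0.6, 0.55)` with an empty version space, which is the failure mode the agnostic adaptation in the abstract has to handle.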
