On the Learnability of Distribution Classes with Adaptive Adversaries
This paper addresses a security concern in machine learning for scenarios where adversaries have real-time access to data, though it appears incremental as it builds on existing adversarial learning frameworks.
The paper tackles the problem of learnability of distribution classes when adversaries can adaptively intercept and manipulate samples, showing that learnability under such adaptive adversaries is a strictly stronger condition than under oblivious adversaries.
We consider the question of learnability of distribution classes in the presence of adaptive adversaries -- that is, adversaries capable of intercepting the samples requested by a learner and applying manipulations with full knowledge of the samples before passing them on to the learner. This stands in contrast to oblivious adversaries, who can only modify the underlying distribution the samples come from but not their i.i.d. nature. We formulate a general notion of learnability with respect to adaptive adversaries, taking into account the budget of the adversary. We show that learnability with respect to additive adaptive adversaries is a strictly stronger condition than learnability with respect to additive oblivious adversaries.