Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness

May 29, 2019 · Entered Twilight · 🏛 Neural Information Processing Systems

"Last commit was 6.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: .gitignore, LICENSE, README.md, baseline.py, load_data.py, main_euclidean.py, main_infinity.py, preliminary.py, tune_euclidean.py, tune_infinity.py

Authors Saeed Mahloujifar, Xiao Zhang, Mohammad Mahmoody, David Evans arXiv ID 1905.12202 Category cs.LG: Machine Learning Cross-listed cs.CR, cs.IT, stat.ML Citations 23 Venue Neural Information Processing Systems Repository https://github.com/xiaozhanguva/Measure-Concentration ⭐ 7 Last Checked 1 month ago

Abstract

Many recent works have shown that adversarial examples that fool classifiers can be found by minimally perturbing a normal input. Recent theoretical results, starting with Gilmer et al. (2018b), show that if the inputs are drawn from a concentrated metric probability space, then adversarial examples with small perturbation are inevitable. A concentrated space has the property that any subset with $Ω(1)$ (e.g., 1/100) measure, according to the imposed distribution, has small distance to almost all (e.g., 99/100) of the points in the space. It is not clear, however, whether these theoretical results apply to actual distributions such as images. This paper presents a method for empirically measuring and bounding the concentration of a concrete dataset which is proven to converge to the actual concentration. We use it to empirically estimate the intrinsic robustness to $\ell_\infty$ and $\ell_2$ perturbations of several image classification benchmarks. Code for our experiments is available at https://github.com/xiaozhanguva/Measure-Concentration.