| Paper ID | D3-S5-T3.3 |
| Paper Title |
Robust Machine Learning via Privacy/Rate-Distortion Theory |
| Authors |
Ye Wang, Mitsubishi Electric Research Laboratories, United States; Shuchin Aeron, Tufts University, United States; Adnan Siraj Rakin, Arizona State University, United States; Toshiaki Koike-Akino, Mitsubishi Electric Research Laboratories, United States; Pierre Moulin, University of Illinois at Urbana-Champaign, United States |
| Session |
D3-S5-T3: Privacy & Learning |
| Chaired Session: |
Wednesday, 14 July, 23:20 - 23:40 |
| Engagement Session: |
Wednesday, 14 July, 23:40 - 00:00 |
| Abstract |
Robust machine learning formulations have emerged to address the prevalent vulnerability of deep neural networks to adversarial examples. Our work draws the connection between optimal robust learning and the privacy-utility tradeoff problem, which is a generalization of the rate-distortion problem. The saddle point of the game between a robust classifier and an adversarial perturbation can be found via the solution of a maximum conditional entropy problem. This information-theoretic perspective sheds light on the fundamental tradeoff between robustness and clean data performance, which ultimately arises from the geometric structure of the underlying data distribution and perturbation constraints.
|
