All Dates/Times are Australian Eastern Standard Time (AEST)

Technical Program

Paper Detail

Paper ID: D3-S5-T3.3
Paper Title: Robust Machine Learning via Privacy/Rate-Distortion Theory
Authors: Ye Wang, Mitsubishi Electric Research Laboratories, United States; Shuchin Aeron, Tufts University, United States; Adnan Siraj Rakin, Arizona State University, United States; Toshiaki Koike-Akino, Mitsubishi Electric Research Laboratories, United States; Pierre Moulin, University of Illinois at Urbana-Champaign, United States
Session: D3-S5-T3: Privacy & Learning
Chaired Session: Wednesday, 14 July, 23:20 - 23:40
Engagement Session: Wednesday, 14 July, 23:40 - 00:00
Abstract: Robust machine learning formulations have emerged to address the prevalent vulnerability of deep neural networks to adversarial examples. Our work draws the connection between optimal robust learning and the privacy-utility tradeoff problem, which is a generalization of the rate-distortion problem. The saddle point of the game between a robust classifier and an adversarial perturbation can be found via the solution of a maximum conditional entropy problem. This information-theoretic perspective sheds light on the fundamental tradeoff between robustness and clean data performance, which ultimately arises from the geometric structure of the underlying data distribution and perturbation constraints.