Adversarially Robust PAC Learnability of Real-Valued Functions

Idan Attias, Steve Hanneke

Research output: Contribution to journalConference articlepeer-review

Abstract

We study robustness to test-time adversarial attacks in the regression setting with ℓp losses and arbitrary perturbation sets. We address the question of which function classes are PAC learnable in this setting. We show that classes of finite fat-shattering dimension are learnable in both realizable and agnostic settings. Moreover, for convex function classes, they are even properly learnable. In contrast, some non-convex function classes provably require improper learning algorithms. Our main technique is based on a construction of an adversarially robust sample compression scheme of a size determined by the fat-shattering dimension. Along the way, we introduce a novel agnostic sample compression scheme for real-valued functions, which may be of independent interest.

Original languageEnglish
Pages (from-to)1172-1199
Number of pages28
JournalProceedings of Machine Learning Research
Volume202
StatePublished - 1 Jan 2023
Event40th International Conference on Machine Learning, ICML 2023 - Honolulu, United States
Duration: 23 Jul 202329 Jul 2023

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Control and Systems Engineering
  • Statistics and Probability

Fingerprint

Dive into the research topics of 'Adversarially Robust PAC Learnability of Real-Valued Functions'. Together they form a unique fingerprint.

Cite this