Sample complexity bounds for robustly learning decision lists against evasion attacks

Conference item

A fundamental problem in adversarial machine learning is to quantify how much training data is needed in the presence of evasion attacks. In this paper we address this issue within the framework of PAC learning, focusing on the class of decision lists. Given that distributional assumptions are essential in the adversarial setting, we work with probability distributions on the input data that satisfy a Lipschitz condition: nearby points have similar probability. Our key results illustrate that the adversary's budget (that is, the number of bits it can perturb on each input) is a fundamental quantity in determining the sample complexity of robust learning. Our first main result is a sample-complexity lower bound: the class of monotone conjunctions (essentially the simplest non-trivial hypothesis class on the Boolean hypercube) and any superclass has sample complexity at least exponential in the adversary's budget. Our second main result is a corresponding upper bound: for every fixed k the class of k-decision lists has polynomial sample complexity against a log(n)-bounded adversary. This sheds further light on the question of whether an efficient PAC learning algorithm can always be used as an efficient log(n)-robust learning algorithm under the uniform distribution.

Authors: Gourdeau, P; Kanade, V; Kwiatkowska, M; Worrell, J

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: International Joint Conferences on Artificial Intelligence
• Host title: Proceedings of the 31st International Joint Conferences on Artificial Intelligence Organization
• Pages: 3022-3028
• Publication date: 2022-07-23
• Acceptance date: 2022-04-22
• Event title: 31st International Joint Conferences on Artificial Intelligence Organization (IJCAI 2022)
• Event location: Messe Wien, Vienna, Austria
• Event website: https://ijcai-22.org/
• Event start date: 2022-07-23
• Event end date: 2022-07-29
• DOI: 10.24963/ijcai.2022/419
• EISBN: 978-1-956792-00-3
• Language: English
• Keywords: machine learning: classification; machine learning: adversarial machine learning; machine learning: robustness; machine learning: learning theory; FFR