Conference item
How benign is benign overfitting?
- Abstract:
- We investigate two causes for adversarial vulnerability in deep neural networks: bad data and (poorly) trained models. When trained with SGD, deep neural networks essentially achieve zero training error, even in the presence of label noise, while also exhibiting good generalization on natural test data, something referred to as benign overfitting (Bartlett et al., 2020; Chatterji & Long, 2020). However, these models are vulnerable to adversarial attacks. We identify label noise as one of the causes for adversarial vulnerability, and provide theoretical and empirical evidence in support of this. Surprisingly, we find several instances of label noise in datasets such as MNIST and CIFAR, and that robustly trained models incur training error on some of these, i.e. they don’t fit the noise. However, removing noisy labels alone does not suffice to achieve adversarial robustness. We conjecture that in part sub-optimal representation learning is also responsible for adversarial vulnerability. By means of simple theoretical setups, we show how the choice of representation can drastically affect adversarial robustness.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
Access Document
- Files:
- Version of record, 6.3MB
- Publication website:
- https://openreview.net/forum?id=g-wu9TMPODo
Authors
- Publisher:
- OpenReview
- Publication date:
- 2021-03-17
- Acceptance date:
- 2021-01-12
- Event title:
- International Conference on Learning Representations (ICLR 2021)
- Language:
- English
- Keywords:
- Pubs id:
- 1186133
- Local pid:
- pubs:1186133
- Deposit date:
- 2021-07-13
Terms of use
- Copyright holder:
- Sanyal et al.
- Copyright date:
- 2021
- Rights statement:
- Copyright © 2021 The Author(s). This is an open access article published under CC BY 4.0.
- Licence:
- CC Attribution (CC BY)