Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Robust Online Learning

Sajad Ashkezari

TL;DR

The paper studies robust online learning under adversarial perturbations where both inputs and clean labels may be chosen adversarially. It introduces the $L_\\mathcal{U}(\\mathcal{H})$ dimension, a Littlestone-like measure defined via $\\mathcal{U}$-adversarial trees, and shows it tightly governs learning performance: $\\mathbf{M}^*=L_\\mathcal{U}(\\mathcal{H})$ in the realizable setting and $\\tilde{O}(\\sqrt{L_\\mathcal{U}(\\mathcal{H})\\,T})$ regret in the agnostic setting, with extensions to multiclass scenarios. The analysis leverages an orientation game and reductions to prediction with expert advice to obtain tight upper and matching lower bounds, and it further addresses uncertain perturbation sets by introducing a finite family $\\mathcal{G}$ of perturbations with logarithmic dependence on $|\\mathcal{G}|$. Overall, the work provides a principled framework and tight bounds for robust online learnability under adversarial perturbations, highlighting avenues for future work on infinite perturbation families and partial feedback.

Abstract

We study the problem of learning robust classifiers where the classifier will receive a perturbed input. Unlike robust PAC learning studied in prior work, here the clean data and its label are also adversarially chosen. We formulate this setting as an online learning problem and consider both the realizable and agnostic learnability of hypothesis classes. We define a new dimension of classes and show it controls the mistake bounds in the realizable setting and the regret bounds in the agnostic setting. In contrast to the dimension that characterizes learnability in the PAC setting, our dimension is rather simple and resembles the Littlestone dimension. We generalize our dimension to multiclass hypothesis classes and prove similar results in the realizable case. Finally, we study the case where the learner does not know the set of allowed perturbations for each point and only has some prior on them.

Robust Online Learning

TL;DR

The paper studies robust online learning under adversarial perturbations where both inputs and clean labels may be chosen adversarially. It introduces the dimension, a Littlestone-like measure defined via -adversarial trees, and shows it tightly governs learning performance: in the realizable setting and regret in the agnostic setting, with extensions to multiclass scenarios. The analysis leverages an orientation game and reductions to prediction with expert advice to obtain tight upper and matching lower bounds, and it further addresses uncertain perturbation sets by introducing a finite family of perturbations with logarithmic dependence on . Overall, the work provides a principled framework and tight bounds for robust online learnability under adversarial perturbations, highlighting avenues for future work on infinite perturbation families and partial feedback.

Abstract

We study the problem of learning robust classifiers where the classifier will receive a perturbed input. Unlike robust PAC learning studied in prior work, here the clean data and its label are also adversarially chosen. We formulate this setting as an online learning problem and consider both the realizable and agnostic learnability of hypothesis classes. We define a new dimension of classes and show it controls the mistake bounds in the realizable setting and the regret bounds in the agnostic setting. In contrast to the dimension that characterizes learnability in the PAC setting, our dimension is rather simple and resembles the Littlestone dimension. We generalize our dimension to multiclass hypothesis classes and prove similar results in the realizable case. Finally, we study the case where the learner does not know the set of allowed perturbations for each point and only has some prior on them.
Paper Structure (10 sections, 12 theorems, 10 equations, 1 figure, 3 algorithms)

This paper contains 10 sections, 12 theorems, 10 equations, 1 figure, 3 algorithms.

Table of Contents

  1. Introduction
  2. Setup and Problem Formulation
  3. Optimal mistake bounds for realizable robust online learning
  4. Orientation Game
  5. From orientations to learners
  6. Multiclass robust online learning
  7. Regret bounds for agnostic robust online learning
  8. Robust online learning with uncertain perturbation sets
  9. Conclusion
  10. Prediction with expert advice

Key Result

Theorem 9

A hypothesis class $\mathcal{H}$ with finite $\mathrm{L}_\mathcal{U}(\mathcal{H})$ is realizable learnable in the orientation game with optimal mistake bound $\mathbf{M}^*_{OG} = \mathrm{L}_\mathcal{U}(\mathcal{H})$. In particular, the algorithm $\mathrm{SOA_{OG}}$ achieves the optimal mistake bound

Figures (1)

  • Figure 1: A $\mathcal{U}-$adversarial tree of depth 2. For each $k\leq 2$ and $\mathbf{u}\in \{0,1\}^k$ we have $\mathcal{U}(x_\mathbf{u}^0)\cap \mathcal{U}(x_\mathbf{u}^1)\neq \emptyset$. The tree is shattered $\mathcal{H}$ if each of its root-to-leaf paths are realizable by $\mathcal{H}$. For example, there must exist $\textcolor{red}{h_{01}}\in \mathcal{H}$ such that $\textcolor{red}{h_{01}}(z)=\textcolor{blue}{0}$ for all $z\in \mathcal{U}(x_{\emptyset}^{\textcolor{blue}{0}})$ and $\textcolor{red}{h_{01}}(z)=\textcolor{purple}{1}$ for all $z\in \mathcal{U}(x_{0}^{\textcolor{purple}{1}})$.

Theorems & Definitions (30)

  • Definition 1: Robust Online Learning
  • Remark 2
  • Definition 3: Realizable Robust Online Learnability
  • Definition 4: Agnostic Robust Online Learnability
  • Definition 5: Orientation Game
  • Definition 6: $\mathcal{U}$-adversarial Littlestone tree
  • Definition 7: $\mathcal{U}$-adversarial Littlestone Dimension
  • Remark 8
  • Theorem 9
  • proof
  • ...and 20 more