Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

A PAC-Bayes Analysis of Adversarial Robustness

Abstract : We propose the first general PAC-Bayesian generalization bounds for adversarial robustness, that estimate, at test time, how much a model will be invariant to imperceptible perturbations in the input. Instead of deriving a worst-case analysis of the risk of a hypothesis over all the possible perturbations, we leverage the PAC-Bayesian framework to bound the averaged risk on the perturbations for majority votes (over the whole class of hypotheses). Our theoretically founded analysis has the advantage to provide general bounds (i) independent from the type of perturbations (i.e., the adversarial attacks), (ii) that are tight thanks to the PAC-Bayesian framework, (iii) that can be directly minimized during the learning phase to obtain a robust model on different attacks at test time.
Document type :
Preprints, Working Papers, ...
Complete list of metadata

https://hal.archives-ouvertes.fr/hal-03145332
Contributor : Guillaume Vidot <>
Submitted on : Thursday, February 18, 2021 - 12:00:17 PM
Last modification on : Thursday, June 10, 2021 - 3:07:25 AM
Long-term archiving on: : Wednesday, May 19, 2021 - 6:56:59 PM

Files

arxiv.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03145332, version 1

Citation

Guillaume Vidot, Paul Viallard, Amaury Habrard, Emilie Morvant. A PAC-Bayes Analysis of Adversarial Robustness. 2021. ⟨hal-03145332⟩

Share

Metrics

Record views

153

Files downloads

146