full
search.png

Search

close.png

Cancel

arrow
Volume 39, Issue 6
Achieving Adversarial Robustness Requires an Active Teacher

Chao Ma & Lexing Ying

DOI: 10.4208/jcm.2105-m2020-0310

J. Comp. Math., 39 (2021), pp. 880-896.

Published online: 2021-10

Preview Full PDF 1746 27155

Cited by

google scholar semantic scholar
Export citation
  • Abstract

A new understanding of adversarial examples and adversarial robustness is proposed by decoupling the data generator and the label generator (which we call the teacher). In our framework, adversarial robustness is a conditional concept — the student model is not absolutely robust, but robust with respect to the teacher. Based on the new understanding, we claim that adversarial examples exist because the student cannot obtain sufficient information of the teacher from the training data. Various ways of achieving robustness is compared. Theoretical and numerical evidence shows that to efficiently attain robustness, a teacher that actively provides its information to the student may be necessary.

  • Keywords

Adversarial robustness, Decoupled supervised learning, Active teacher.

  • AMS Subject Headings

68T07, 68T99

  • Copyright

COPYRIGHT: © Global Science Press

  • Email address

chaoma@stanford.edu (Chao Ma)

lexing@stanford.edu (Lexing Ying)

  • BibTex
  • RIS
  • TXT
@Article{JCM-39-880, author = {Ma , Chao and Ying , Lexing}, title = {Achieving Adversarial Robustness Requires an Active Teacher}, journal = {Journal of Computational Mathematics}, year = {2021}, volume = {39}, number = {6}, pages = {880--896}, abstract = {

A new understanding of adversarial examples and adversarial robustness is proposed by decoupling the data generator and the label generator (which we call the teacher). In our framework, adversarial robustness is a conditional concept — the student model is not absolutely robust, but robust with respect to the teacher. Based on the new understanding, we claim that adversarial examples exist because the student cannot obtain sufficient information of the teacher from the training data. Various ways of achieving robustness is compared. Theoretical and numerical evidence shows that to efficiently attain robustness, a teacher that actively provides its information to the student may be necessary.

}, issn = {1991-7139}, doi = {https://doi.org/10.4208/jcm.2105-m2020-0310}, url = {http://global-sci.org/intro/article_detail/jcm/19916.html} }
TY - JOUR T1 - Achieving Adversarial Robustness Requires an Active Teacher AU - Ma , Chao AU - Ying , Lexing JO - Journal of Computational Mathematics VL - 6 SP - 880 EP - 896 PY - 2021 DA - 2021/10 SN - 39 DO - http://doi.org/10.4208/jcm.2105-m2020-0310 UR - https://global-sci.org/intro/article_detail/jcm/19916.html KW - Adversarial robustness, Decoupled supervised learning, Active teacher. AB -

A new understanding of adversarial examples and adversarial robustness is proposed by decoupling the data generator and the label generator (which we call the teacher). In our framework, adversarial robustness is a conditional concept — the student model is not absolutely robust, but robust with respect to the teacher. Based on the new understanding, we claim that adversarial examples exist because the student cannot obtain sufficient information of the teacher from the training data. Various ways of achieving robustness is compared. Theoretical and numerical evidence shows that to efficiently attain robustness, a teacher that actively provides its information to the student may be necessary.

Chao Ma & Lexing Ying. (2021). Achieving Adversarial Robustness Requires an Active Teacher. Journal of Computational Mathematics. 39 (6). 880-896. doi:10.4208/jcm.2105-m2020-0310
Copy to clipboard
BibteX RIS TXT
The citation has been copied to your clipboard