Certifying Out-of-Domain Generalization for Blackbox Functions
- URL: http://arxiv.org/abs/2202.01679v1
- Date: Thu, 3 Feb 2022 16:47:50 GMT
- Title: Certifying Out-of-Domain Generalization for Blackbox Functions
- Authors: Maurice Weber, Linyi Li, Boxin Wang, Zhikuan Zhao, Bo Li, Ce Zhang
- Abstract summary: We propose a novel certification framework given a bounded distance between the mean and variance of two distributions.
We experimentally validate our certification method on a number of datasets, ranging from ImageNet to smaller classification tasks.
- Score: 20.997611019445657
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Certifying the robustness of model performance under bounded data
distribution shifts has recently attracted intensive interest under the
umbrella of distributional robustness. However, existing techniques either make
strong assumptions on the model class and loss functions that can be certified,
such as smoothness expressed via Lipschitz continuity of gradients, or require
solving complex optimization problems. As a result, the wider application of
these techniques is currently limited by their scalability and flexibility --
these techniques often do not scale to large-scale datasets with modern deep
neural networks or cannot handle loss functions which may be non-smooth, such
as the 0-1 loss. In this paper, we focus on the problem of certifying
distributional robustness for black box models and bounded losses, without
other assumptions. We propose a novel certification framework given a bounded
distance between the mean and variance of two distributions. Our certification technique
scales to ImageNet-scale datasets, complex models, and a diverse range of loss
functions. We then focus on one specific application enabled by such
scalability and flexibility, i.e., certifying out-of-domain generalization for
large neural networks and loss functions such as accuracy and AUC. We
experimentally validate our certification method on a number of datasets,
ranging from ImageNet, where we provide the first non-vacuous certified
out-of-domain generalization, to smaller classification tasks where we are able
to compare with the state-of-the-art and show that our method performs
considerably better.
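To give a concrete feel for a moment-based certificate of this kind, below is a minimal sketch using a generic Cantelli (one-sided Chebyshev) bound rather than the paper's exact certificate. It treats the classifier as a blackbox through its per-sample margins on the source domain and assumes explicit caps on how far the target distribution's margin mean and variance may drift; the function name and drift parameters are illustrative, not taken from the paper.

```python
import numpy as np

def certified_error_bound(margins_src, mean_drift, var_drift):
    """Worst-case target-domain error via Cantelli's inequality.

    margins_src: per-sample margins of a blackbox classifier on source
        data (positive margin = correct prediction).
    mean_drift:  assumed maximum decrease of the margin mean on the
        target distribution.
    var_drift:   assumed maximum increase of the margin variance.
    Returns an upper bound on P(margin <= 0) over all target
    distributions satisfying these moment constraints.
    """
    mu = margins_src.mean() - mean_drift   # worst-case target mean
    var = margins_src.var() + var_drift    # worst-case target variance
    if mu <= 0:
        return 1.0                         # constraints too loose: vacuous
    # Cantelli: P(X <= mu - t) <= var / (var + t^2); here t = mu.
    return var / (var + mu ** 2)

# Example: a well-separated source margin distribution still certifies a
# non-trivial error bound under moderate mean/variance drift.
rng = np.random.default_rng(0)
margins = rng.normal(loc=2.0, scale=1.0, size=10_000)
print(certified_error_bound(margins, mean_drift=0.5, var_drift=0.25))
```

The bound is monotone in both moments, so plugging in the worst admissible mean and variance yields a valid certificate for every target distribution inside the assumed moment ball.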
Related papers
- SINDER: Repairing the Singular Defects of DINOv2 [61.98878352956125]
Vision Transformer models trained on large-scale datasets often exhibit artifacts in the patch tokens they extract.
We propose a novel smoothness regularization for fine-tuning that rectifies structural deficiencies using only a small dataset.
arXiv Detail & Related papers (2024-07-23T20:34:23Z)
- Enhancing Multiple Reliability Measures via Nuisance-extended Information Bottleneck [77.37409441129995]
In practical scenarios where training data is limited, many predictive signals in the data can stem from biases in data acquisition rather than the task itself.
We consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training.
We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training.
arXiv Detail & Related papers (2023-03-24T16:03:21Z)
- Modeling Uncertain Feature Representation for Domain Generalization [49.129544670700525]
We show that our method consistently improves the network generalization ability on multiple vision tasks.
Our method is simple yet effective and can be readily integrated into networks without additional trainable parameters or loss constraints.
arXiv Detail & Related papers (2023-01-16T14:25:02Z)
- On the effectiveness of partial variance reduction in federated learning with heterogeneous data [27.527995694042506]
We show that the diversity of the final classification layers across clients impedes the performance of the FedAvg algorithm.
Motivated by this, we propose to correct the model by applying variance reduction only to the final layers.
We demonstrate that this significantly outperforms existing benchmarks at a similar or lower communication cost.
arXiv Detail & Related papers (2022-12-05T11:56:35Z)
- Certifying Some Distributional Fairness with Subpopulation Decomposition [20.009388617013986]
We first formulate the certified fairness of an ML model trained on a given data distribution as an optimization problem.
We then propose a general fairness certification framework and instantiate it for both sensitive shifting and general shifting scenarios.
Our framework is flexible enough to integrate additional non-skewness constraints, and we show that it provides even tighter certification under different real-world scenarios.
arXiv Detail & Related papers (2022-05-31T01:17:50Z)
- FjORD: Fair and Accurate Federated Learning under heterogeneous targets with Ordered Dropout [16.250862114257277]
We introduce Ordered Dropout, a mechanism that achieves an ordered, nested representation of knowledge in Neural Networks (see the first sketch after this list).
We employ this technique, along with a self-distillation methodology, in the realm of Federated Learning in a framework called FjORD.
FjORD consistently leads to significant performance gains over state-of-the-art baselines, while maintaining its nested structure.
arXiv Detail & Related papers (2021-02-26T13:07:43Z)
- Mixed-Privacy Forgetting in Deep Networks [114.3840147070712]
We show that the influence of a subset of the training samples can be removed from the weights of a network trained on large-scale image classification tasks.
Inspired by real-world applications of forgetting techniques, we introduce a novel notion of forgetting in a mixed-privacy setting.
We show that our method allows forgetting without having to trade off the model accuracy.
arXiv Detail & Related papers (2020-12-24T19:34:56Z)
- Certified Distributional Robustness on Smoothed Classifiers [27.006844966157317]
We propose the worst-case adversarial loss over input distributions as a robustness certificate.
By exploiting duality and the smoothness property, we provide an easy-to-compute upper bound as a surrogate for the certificate (see the duality bound sketched after this list).
arXiv Detail & Related papers (2020-10-21T13:22:25Z)
- Accurate and Robust Feature Importance Estimation under Distribution Shifts [49.58991359544005]
PRoFILE is a novel feature importance estimation method.
We show significant improvements over state-of-the-art approaches, both in terms of fidelity and robustness.
arXiv Detail & Related papers (2020-09-30T05:29:01Z)
- Diversity inducing Information Bottleneck in Model Ensembles [73.80615604822435]
In this paper, we target the problem of generating effective ensembles of neural networks by encouraging diversity in prediction.
We explicitly optimize a diversity inducing adversarial loss for learning latent variables and thereby obtain diversity in the output predictions necessary for modeling multi-modal data.
Compared to the most competitive baselines, we show significant improvements in classification accuracy under a shift in the data distribution.
arXiv Detail & Related papers (2020-03-10T03:10:41Z)
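For the FjORD entry above, this is a minimal sketch of the Ordered Dropout idea, assuming a simple channel-prefix rule; FjORD's exact per-layer schedule and any rescaling may differ, and the function name is hypothetical.

```python
import numpy as np

def ordered_dropout(x, p):
    """Keep only the first ceil(p * C) channels of an activation tensor,
    so each narrower sub-network is nested inside every wider one
    (unlike standard dropout, which zeroes random units).

    x: activations of shape (batch, channels, ...); p in (0, 1].
    """
    c = x.shape[1]
    keep = max(1, int(np.ceil(p * c)))      # width of the sub-network
    mask = np.zeros(c, dtype=x.dtype)
    mask[:keep] = 1.0                       # zero out trailing channels
    return x * mask.reshape((1, c) + (1,) * (x.ndim - 2))

# A low-capacity client with p = 0.5 trains only the first half of each
# layer's channels; its updates remain a valid prefix of the full model.
acts = np.random.randn(8, 16, 4, 4)
half = ordered_dropout(acts, p=0.5)
```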
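And for the smoothed-classifiers entry, the kind of duality-based certificate it refers to can be written in the standard Wasserstein form (as in Sinha et al.; that paper's smoothing-specific refinement is not reproduced here):

$$
\sup_{Q:\, W_c(Q, P) \le \rho} \mathbb{E}_{Q}[\ell(\theta; Z)]
\;\le\; \inf_{\gamma \ge 0} \Big\{ \gamma \rho + \mathbb{E}_{P}\big[ \sup_{z} \{ \ell(\theta; z) - \gamma\, c(z, Z) \} \big] \Big\},
$$

where $c$ is the transport cost; the right-hand side is easy to compute when the smoothed loss makes the inner supremum tractable.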