Adversarially robust generalization theory via Jacobian regularization for deep neural networks
- URL: http://arxiv.org/abs/2412.12449v1
- Date: Tue, 17 Dec 2024 01:26:42 GMT
- Title: Adversarially robust generalization theory via Jacobian regularization for deep neural networks
- Authors: Dongya Wu, Xin Li
- Abstract summary: We show that Jacobian regularization is closely related to adversarial training in that $\ell_2$ or $\ell_1$
Our theoretical results indicate that the norms of Jacobian are related to both standard and robust generalization.
This study promotes both theoretical and empirical understandings to adversarially robust generalization via Jacobian regularization.
- Abstract: Powerful deep neural networks are vulnerable to adversarial attacks. To obtain adversarially robust models, researchers have separately developed adversarial training and Jacobian regularization techniques. There are abundant theoretical and empirical studies for adversarial training, but theoretical foundations for Jacobian regularization are still lacking. In this study, we show that Jacobian regularization is closely related to adversarial training in that $\ell_{2}$ or $\ell_{1}$ Jacobian regularized loss serves as an approximate upper bound on the adversarially robust loss under $\ell_{2}$ or $\ell_{\infty}$ adversarial attack respectively. Further, we establish the robust generalization gap for Jacobian regularized risk minimizer via bounding the Rademacher complexity of both the standard loss function class and Jacobian regularization function class. Our theoretical results indicate that the norms of Jacobian are related to both standard and robust generalization. We also perform experiments on MNIST data classification to demonstrate that Jacobian regularized risk minimization indeed serves as a surrogate for adversarially robust risk minimization, and that reducing the norms of Jacobian can improve both standard and robust generalization. This study promotes both theoretical and empirical understandings to adversarially robust generalization via Jacobian regularization.
Related papers
- Of Dice and Games: A Theory of Generalized Boosting [61.752303337418475]
We extend the celebrated theory of boosting to incorporate both cost-sensitive and multi-objective losses.
We develop a comprehensive theory of cost-sensitive and multi-objective boosting, providing a taxonomy of weak learning guarantees.
Our characterization relies on a geometric interpretation of boosting, revealing a surprising equivalence between cost-sensitive and multi-objective losses.
arXiv Detail & Related papers (2024-12-11T01:38:32Z) - On the Geometry of Regularization in Adversarial Training: High-Dimensional Asymptotics and Generalization Bounds [11.30047438005394]
This work investigates the question of how to choose the regularization norm $\lVert \cdot \rVert$ in the context of high-dimensional adversarial training for binary classification.
We quantitatively characterize the relationship between perturbation size and the optimal choice of $\lVert \cdot \rVert$, confirming the intuition that, in the data scarce regime, the type of regularization becomes increasingly important for adversarial training as perturbations grow in size.
arXiv Detail & Related papers (2024-10-21T14:53:12Z) - On the Generalization Ability of Unsupervised Pretraining [53.06175754026037]
Recent advances in unsupervised learning have shown that unsupervised pre-training, followed by fine-tuning, can improve model generalization.
This paper introduces a novel theoretical framework that illuminates the critical factor influencing the transferability of knowledge acquired during unsupervised pre-training to the subsequent fine-tuning phase.
Our results contribute to a better understanding of unsupervised pre-training and fine-tuning paradigm, and can shed light on the design of more effective pre-training algorithms.
arXiv Detail & Related papers (2024-03-11T16:23:42Z) - PAC-Bayesian Spectrally-Normalized Bounds for Adversarially Robust
Generalization [25.272738030198862]
Deep neural networks (DNNs) are vulnerable to adversarial attacks.
Adversarially robust generalization is crucial in establishing defense algorithms against adversarial attacks.
This paper focuses on norm-based perturbation complexity, based on a PAC-Bayes approach.
arXiv Detail & Related papers (2023-10-09T22:20:27Z) - Generalizing and Improving Jacobian and Hessian Regularization [1.926971915834451]
We generalize previous efforts by extending the target matrix from zero to any matrix that admits efficient matrix-vector products.
The proposed paradigm allows us to construct novel regularization terms that enforce symmetry or diagonality on square Jacobian and Hessian matrices.
We introduce Lanczos-based spectral norm minimization to tackle this difficulty.
arXiv Detail & Related papers (2022-12-01T07:01:59Z) - On the Importance of Gradient Norm in PAC-Bayesian Bounds [92.82627080794491]
We propose a new generalization bound that exploits the contractivity of the log-Sobolev inequalities.
We empirically analyze the effect of this new loss-gradient norm term on different neural architectures.
arXiv Detail & Related papers (2022-10-12T12:49:20Z) - Jacobian Regularization for Mitigating Universal Adversarial Perturbations [2.9465623430708905]
Universal Adversarial Perturbations (UAPs) are input perturbations that can fool a neural network on large sets of data.
We derive upper bounds for the effectiveness of UAPs based on norms of data-dependent Jacobians.
arXiv Detail & Related papers (2021-04-21T11:00:21Z) - Robustness, Privacy, and Generalization of Adversarial Training [84.38148845727446]
This paper establishes and quantifies the privacy-robustness trade-off and generalization-robustness trade-off in adversarial training.
We show that adversarial training is $(\varepsilon, \delta)$-differentially private, where the magnitude of the differential privacy has a positive correlation with the robustified intensity.
Our generalization bounds do not explicitly rely on the parameter size which would be large in deep learning.
arXiv Detail & Related papers (2020-12-25T13:35:02Z) - Posterior Differential Regularization with f-divergence for Improving Model Robustness [95.05725916287376]
We focus on methods that regularize the model posterior difference between clean and noisy inputs.
We generalize the posterior differential regularization to the family of $f$-divergences.
Our experiments show that regularizing the posterior differential with $f$-divergence can result in well-improved model robustness.
arXiv Detail & Related papers (2020-10-23T19:58:01Z) - In Search of Robust Measures of Generalization [79.75709926309703]
We develop bounds on generalization error, optimization error, and excess risk.
When evaluated empirically, most of these bounds are numerically vacuous.
We argue that generalization measures should instead be evaluated within the framework of distributional robustness.
arXiv Detail & Related papers (2020-10-22T17:54:25Z) - On the generalization of bayesian deep nets for multi-class classification [27.39403411896995]
We propose a new generalization bound for Bayesian deep nets by exploiting the contractivity of the Log-Sobolev inequalities.
Using these inequalities adds an additional loss-gradient norm term to the generalization bound, which is intuitively a surrogate of the model complexity.
arXiv Detail & Related papers (2020-02-23T09:05:03Z)
This list is automatically generated from the titles and abstracts of the papers in this site.