Rethinking Robustness in Machine Learning: A Posterior Agreement Approach

Download PDF

João B. S. Carvalho, Víctor Jiménez Rodríguez, Alessandro Torcinovich, Antonio Emanuele Cinà, Carlos Cotrini, Lea Schönherr, Joachim M. Buhmann

Published: 14 Oct 2025, Last Modified: 14 Oct 2025Accepted by TMLREveryoneRevisionsBibTeXCC BY 4.0
Abstract: The robustness of algorithms against covariate shifts is a fundamental problem with critical implications for the deployment of machine learning algorithms in the real world. Current evaluation methods predominantly measure robustness through the lens of standard generalization, relying on task performance metrics like accuracy. This approach lacks a theoretical justification and underscores the need for a principled foundation of robustness assessment under distribution shifts. In this work, we set the desiderata for a robustness metric, and we propose a novel principled framework for the robustness assessment problem that directly follows the Posterior Agreement (PA) theory of model validation. Specifically, we extend the PA framework to the covariate shift setting and propose a metric for robustness evaluation. We assess the soundness of our metric in controlled environments and through an empirical robustness analysis in two different covariate shift scenarios: adversarial learning and domain generalization. We illustrate the suitability of PA by evaluating several models under different nature and magnitudes of shift, and proportion of affected observations. The results show that PA offers a reliable analysis of the vulnerabilities in learning algorithms across different shift conditions and provides higher discriminability than accuracy-based metrics, while requiring no supervision.
Submission Length: Long submission (more than 12 pages of main content)
Changes Since Last Submission: #### CAMERA READY We have changed some nomenclature (e.g., metric -> measure) and notation in the paper. Additionally, we made some sentences clearer. We thank the reviewers and the chair again for their work. #### REBUTTAL Following Rev. c1ic and iaqh, we have included new experiments with ImageNet and the Autoattack library (~ 40 new visualizations, in Appendix F) and discussed the results (Sec. Experimental Results and Appendix F), which align with the previous ones. Following Rev. 7tFM, we have restructured the Introduction to explain some unclear aspects of our work. We have also included a related work section of the PA framework and a background of the original approach in the methodology. Additionally, we have included further details of our experiments in the Experimental Results section. Finally, we also fixed minor things, such as the image alignment. Following Rev. c1ic, we provided further details on the computational time of the $\beta$ parameter. Following Rev. iaqh, we have discussed the differences between AFR and PA and updated the paper accordingly. We also fixed the required notation.
Assigned Action Editor: ~Mohammad_Emtiyaz_Khan1
Submission Number: 4422