Robustness Guarantees for Adversarial Training on Non-Separable Data

Yunjuan Wang; Kaibo Zhang; Raman Arora

Robustness Guarantees for Adversarial Training on Non-Separable Data

Yunjuan Wang, Kaibo Zhang, Raman Arora

21 Sept 2023 (modified: 11 Feb 2024)Submitted to ICLR 2024EveryoneRevisionsBibTeX

Supplementary Material: zip

Primary Area: general machine learning (i.e., none of the above)

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.

Keywords: Adversarial training, neural networks, convergence and generalization guarantees

Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.

Abstract: Adversarial training has emerged as a popular approach for training models that are robust to inference time attacks. However, our theoretical understanding of why and when it works remains limited. Prior work has offered convergence analysis of adversarial training, but they are either restricted to the Neural Tangent Kernel (NTK) regime or make restrictive assumptions about data such as linearly realizability. In this work, we provide convergence and generalization guarantees for adversarial training of two-layer networks of any width on non-separable data. Our analysis goes beyond the NTK regime and holds for both smooth and non-smooth activation functions. We support our theoretical findings with an empirical study on synthetic and real-world data.

Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.

No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.

Submission Number: 3898

Loading