Timezone: »

 
Poster
Learning Adversarially Robust Representations via Worst-Case Mutual Information Maximization
Sicheng Zhu · Xiao Zhang · David Evans

Tue Jul 14 09:00 AM -- 09:45 AM & Tue Jul 14 08:00 PM -- 08:45 PM (PDT) @ None #None
in Poster Session 3 »

Training machine learning models that are robust against adversarial inputs poses seemingly insurmountable challenges. To better understand adversarial robustness, we consider the underlying problem of learning robust representations. We develop a notion of representation vulnerability that captures the maximum change of mutual information between the input and output distributions, under the worst-case input perturbation. Then, we prove a theorem that establishes a lower bound on the minimum adversarial risk that can be achieved for any downstream classifier based on its representation vulnerability. We propose an unsupervised learning method for obtaining intrinsically robust representations by maximizing the worst-case mutual information between the input and output distributions. Experiments on downstream classification tasks %and analyses of saliency maps support the robustness of the representations found using unsupervised learning with our training principle.

Keywords: Adversarial Examples · Information Theory and Estimation · Robust Statistics and Machine Learning

Author Information

Sicheng Zhu (University of Virginia)
Xiao Zhang (University of Virginia)
David Evans (University of Virginia)

More from the Same Authors