
Theoretically Principled Trade-off between Robustness and Accuracy

3 Pith papers cite this work.
abstract

We identify a trade-off between robustness and accuracy that serves as a guiding principle in the design of defenses against adversarial examples. Although this problem has been widely studied empirically, much remains unknown concerning the theory underlying this trade-off. In this work, we decompose the prediction error for adversarial examples (robust error) as the sum of the natural (classification) error and the boundary error (the probability that a correctly classified input lies within the perturbation radius of the decision boundary), and provide a differentiable upper bound using the theory of classification-calibrated loss, which is shown to be the tightest possible upper bound uniform over all probability distributions and measurable predictors. Inspired by our theoretical analysis, we also design a new defense method, TRADES, to trade adversarial robustness off against accuracy. The proposed algorithm performs well experimentally on real-world datasets. The methodology is the foundation of our entry to the NeurIPS 2018 Adversarial Vision Challenge, in which we won 1st place out of ~2,000 submissions, surpassing the runner-up approach by $11.41\%$ in terms of mean $\ell_2$ perturbation distance.
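A worked example of the decomposition the abstract describes, added here as illustration and not code from the paper or its authors. It assumes a linear classifier sign(w·x + b) and an $\ell_2$ threat model, for which the distance from a point to the decision boundary is |w·x + b| / ‖w‖ and so the "exists an adversarial point within the ball" question has a closed form (no PGD needed). It checks, on constructed toy data, that the robust error equals natural error plus boundary error, and evaluates a cross-entropy plus β·KL surrogate in the style of TRADES (that instantiation, and the names `error_decomposition`, `trades_surrogate`, `TOY`, are this example's assumptions; the abstract does not spell out the surrogate).

```python
"""Added example (not from the paper): R_rob = R_nat + R_bdy for a linear
classifier under an l2 threat model, plus a TRADES-style surrogate
CE + beta * max_{x' in B(x, eps)} KL(p(x) || p(x')) evaluated in closed form."""
import math
import random


def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))


def l2norm(w):
    return math.sqrt(dot(w, w))


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def error_decomposition(w, b, data, eps):
    """Return (R_nat, R_bdy, R_rob) for sign(w.x + b) on data = [(x, y), ...],
    y in {-1, +1}, against an l2 adversary of radius eps.

    For a hyperplane, dist(x, boundary) = |w.x + b| / ||w||, so an l2-bounded
    adversary can flip the prediction exactly when that distance is <= eps."""
    wn = l2norm(w)
    nat = bdy = rob = 0
    for x, y in data:
        f = dot(w, x) + b
        misclassified = f * y <= 0          # natural error event
        near_boundary = abs(f) / wn <= eps  # x lies in B(DB(f), eps)
        nat += misclassified
        bdy += (not misclassified) and near_boundary  # correct but flippable
        rob += misclassified or near_boundary         # some x' in B(x,eps) is wrong
    n = float(len(data))
    return nat / n, bdy / n, rob / n


def kl_bernoulli(p, q):
    """KL(Bern(p) || Bern(q)); a term with p == 0 or p == 1 contributes 0."""
    out = 0.0
    if p > 0:
        out += p * math.log(p / q)
    if p < 1:
        out += (1 - p) * math.log((1 - p) / (1 - q))
    return out


def trades_surrogate(w, b, data, eps, beta):
    """Mean of CE(f(x), y) + beta * max_{||x'-x||_2 <= eps} KL(p(x) || p(x')).

    Over the l2 ball the logit w.x' + b sweeps [f - eps||w||, f + eps||w||],
    and KL(p || sigmoid(z)) is convex in z, so the inner max sits at an endpoint.
    (Closed-form stand-in for the PGD inner loop used on deep networks.)"""
    wn = l2norm(w)
    total = 0.0
    for x, y in data:
        f = dot(w, x) + b
        ce = math.log1p(math.exp(-y * f))  # logistic loss for y in {-1, +1}
        p = sigmoid(f)
        worst_kl = max(kl_bernoulli(p, sigmoid(f - eps * wn)),
                       kl_bernoulli(p, sigmoid(f + eps * wn)))
        total += ce + beta * worst_kl
    return total / len(data)


# Constructed toy data (not from the paper): with w=(1,0), b=0, eps=0.5 the
# counts are known exactly: 2 misclassified, 2 correct-but-within-eps.
TOY = [((2.0, 0.0), +1), ((0.3, 0.0), +1), ((-0.2, 0.0), +1),
       ((-2.0, 0.0), -1), ((-0.4, 0.0), -1), ((0.1, 0.0), -1)]


def random_dataset(n, seed=0):
    """Constructed two-blob data around (+1.5, 0) and (-1.5, 0), seeded."""
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        y = rng.choice((-1, 1))
        data.append(((y * 1.5 + rng.gauss(0, 1.0), rng.gauss(0, 1.0)), y))
    return data


if __name__ == "__main__":
    w, b = (1.0, 0.0), 0.0
    for eps in (0.0, 0.5, 1.0):
        nat, bdy, rob = error_decomposition(w, b, random_dataset(2000), eps)
        print(f"eps={eps}: R_nat={nat:.3f} R_bdy={bdy:.3f} R_rob={rob:.3f}")
    for beta in (0.0, 1.0, 6.0):
        print(f"beta={beta}: surrogate={trades_surrogate(w, b, TOY, 0.5, beta):.4f}")
```

The identity holds pointwise: the event "some point in the ball is misclassified" is the union of "x itself is misclassified" and "x is correct but within eps of the boundary", and those two are disjoint. Setting `beta=0` recovers plain empirical risk (natural accuracy only); raising `beta` or `eps` puts more weight on pushing the boundary away from correctly classified points, which is the trade-off the abstract names.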

citation summary

fields: cs.CR 2, cs.LG 1
years: 2026 2, 2019 1
verdicts: unverdicted 3
role: background 1
polarity: background 1

representative citing papers

Laundering AI Authority with Adversarial Examples

cs.CR · 2026-05-05 · unverdicted · novelty 5.0

Adversarial examples enable AI authority laundering by causing production VLMs to give authoritative but wrong responses on subtly perturbed images, with success rates of 22-100% using decade-old attack methods.
