Black-box Certification and Learning under Adversarial Perturbations

Part of Proceedings of the International Conference on Machine Learning 1 pre-proceedings (ICML 2020)

Hassan Ashtiani, Vinayak Pathak, Ruth Urner


We formally study the problem of classification under adversarial perturbations, both from the learner's perspective and from the viewpoint of a third party who aims at certifying the robustness of a given black-box classifier. We further introduce and study a new setting of black-box certification under a limited query budget. We analyze this for various classes of predictors and types of perturbation. We also consider the viewpoint of a black-box adversary that aims at finding adversarial examples, showing that the existence of an adversary with polynomial query complexity implies the existence of a robust learner with small sample complexity.