The Price of Implicit Bias in Adversarially Robust Generalization

Nikolaos Tsilivis; Natalie S. Frank; Nathan Srebro; Julia Kempe

The Price of Implicit Bias in Adversarially Robust Generalization

Nikolaos Tsilivis, Natalie S. Frank, Nathan Srebro, Julia Kempe

Computer Science

Research output: Contribution to journal › Conference article › peer-review

Abstract

We study the implicit bias of optimization in robust empirical risk minimization (robust ERM) and its connection with robust generalization. In classification settings under adversarial perturbations with linear models, we study what type of regularization should ideally be applied for a given perturbation set to improve (robust) generalization. We then show that the implicit bias of optimization in robust ERM can significantly affect the robustness of the model and identify two ways this can happen; either through the optimization algorithm or the architecture. We verify our predictions in simulations with synthetic data and experimentally study the importance of implicit bias in robust ERM with deep neural networks.

Original language	English (US)
Journal	Advances in Neural Information Processing Systems
Volume	37
State	Published - 2024
Event	38th Conference on Neural Information Processing Systems, NeurIPS 2024 - Vancouver, Canada Duration: Dec 9 2024 → Dec 15 2024

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems
Signal Processing

Cite this

@article{a770deb993c142a2bc596e2b022f2d85,

title = "The Price of Implicit Bias in Adversarially Robust Generalization",

abstract = "We study the implicit bias of optimization in robust empirical risk minimization (robust ERM) and its connection with robust generalization. In classification settings under adversarial perturbations with linear models, we study what type of regularization should ideally be applied for a given perturbation set to improve (robust) generalization. We then show that the implicit bias of optimization in robust ERM can significantly affect the robustness of the model and identify two ways this can happen; either through the optimization algorithm or the architecture. We verify our predictions in simulations with synthetic data and experimentally study the importance of implicit bias in robust ERM with deep neural networks.",

author = "Nikolaos Tsilivis and Frank, {Natalie S.} and Nathan Srebro and Julia Kempe",

note = "Publisher Copyright: {\textcopyright} 2024 Neural information processing systems foundation. All rights reserved.; 38th Conference on Neural Information Processing Systems, NeurIPS 2024 ; Conference date: 09-12-2024 Through 15-12-2024",

year = "2024",

language = "English (US)",

volume = "37",

journal = "Advances in Neural Information Processing Systems",

issn = "1049-5258",

publisher = "Neural information processing systems foundation",

}

TY - JOUR

T1 - The Price of Implicit Bias in Adversarially Robust Generalization

AU - Tsilivis, Nikolaos

AU - Frank, Natalie S.

AU - Srebro, Nathan

AU - Kempe, Julia

PY - 2024

Y1 - 2024

N2 - We study the implicit bias of optimization in robust empirical risk minimization (robust ERM) and its connection with robust generalization. In classification settings under adversarial perturbations with linear models, we study what type of regularization should ideally be applied for a given perturbation set to improve (robust) generalization. We then show that the implicit bias of optimization in robust ERM can significantly affect the robustness of the model and identify two ways this can happen; either through the optimization algorithm or the architecture. We verify our predictions in simulations with synthetic data and experimentally study the importance of implicit bias in robust ERM with deep neural networks.

AB - We study the implicit bias of optimization in robust empirical risk minimization (robust ERM) and its connection with robust generalization. In classification settings under adversarial perturbations with linear models, we study what type of regularization should ideally be applied for a given perturbation set to improve (robust) generalization. We then show that the implicit bias of optimization in robust ERM can significantly affect the robustness of the model and identify two ways this can happen; either through the optimization algorithm or the architecture. We verify our predictions in simulations with synthetic data and experimentally study the importance of implicit bias in robust ERM with deep neural networks.

UR - http://www.scopus.com/inward/record.url?scp=105000552992&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=105000552992&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:105000552992

SN - 1049-5258

VL - 37

JO - Advances in Neural Information Processing Systems

JF - Advances in Neural Information Processing Systems

T2 - 38th Conference on Neural Information Processing Systems, NeurIPS 2024

Y2 - 9 December 2024 through 15 December 2024

ER -

The Price of Implicit Bias in Adversarially Robust Generalization

Abstract

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this