Characterizing Data Point Vulnerability via Average-Case Robustness

Studying the robustness of machine learning models is important to ensure consistent model behaviour across real-world settings. To this end, adversarial robustness is a standard framework, which views robustness of predictions through a binary lens: either a worst-case adversarial misclassification...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2024-07
Main Authors: Han, Tessa, Srinivas, Suraj, Lakkaraju, Himabindu
Format: Article
Language:English
Subjects:
Deep learning
Estimators
Linear functions
Machine learning
Perturbation
Robustness (mathematics)
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Han, Tessa
Srinivas, Suraj
Lakkaraju, Himabindu
description Studying the robustness of machine learning models is important to ensure consistent model behaviour across real-world settings. To this end, adversarial robustness is a standard framework, which views robustness of predictions through a binary lens: either a worst-case adversarial misclassification exists in the local region around an input, or it does not. However, this binary perspective does not account for the degrees of vulnerability, as data points with a larger number of misclassified examples in their neighborhoods are more vulnerable. In this work, we consider a complementary framework for robustness, called average-case robustness, which measures the fraction of points in a local region that provides consistent predictions. However, computing this quantity is hard, as standard Monte Carlo approaches are inefficient especially for high-dimensional inputs. In this work, we propose the first analytical estimators for average-case robustness for multi-class classifiers. We show empirically that our estimators are accurate and efficient for standard deep learning models and demonstrate their usefulness for identifying vulnerable data points, as well as quantifying robustness bias of models. Overall, our tools provide a complementary view to robustness, improving our ability to characterize model behaviour.
format article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2842691727</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2842691727</sourcerecordid><originalsourceid>FETCH-proquest_journals_28426917273</originalsourceid><addsrcrecordid>eNqNjrEKwjAURYMgWLT_EHAutC-20VGi4igiruVVYk0pieYlBf16O_gBTpfDOcOdsASEKLL1CmDGUqIuz3OoJJSlSJhSD_R4C9qbj7Et32FAfnLGBn6NvdUeG9Ob8OaDQb4dRm51ppA0P7smUrCaaMGmd-xJp7-ds-Vhf1HH7OndK2oKdeeit6OqYXxRbQoJUvxXfQEOZzpg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2842691727</pqid></control><display><type>article</type><title>Characterizing Data Point Vulnerability via Average-Case Robustness</title><source>Publicly Available Content Database (ProQuest Open Access資料庫)</source><creator>Han, Tessa ; Srinivas, Suraj ; Lakkaraju, Himabindu</creator><creatorcontrib>Han, Tessa ; Srinivas, Suraj ; Lakkaraju, Himabindu</creatorcontrib><description>Studying the robustness of machine learning models is important to ensure consistent model behaviour across real-world settings. To this end, adversarial robustness is a standard framework, which views robustness of predictions through a binary lens: either a worst-case adversarial misclassification exists in the local region around an input, or it does not. However, this binary perspective does not account for the degrees of vulnerability, as data points with a larger number of misclassified examples in their neighborhoods are more vulnerable. In this work, we consider a complementary framework for robustness, called average-case robustness, which measures the fraction of points in a local region that provides consistent predictions. However, computing this quantity is hard, as standard Monte Carlo approaches are inefficient especially for high-dimensional inputs. In this work, we propose the first analytical estimators for average-case robustness for multi-class classifiers. We show empirically that our estimators are accurate and efficient for standard deep learning models and demonstrate their usefulness for identifying vulnerable data points, as well as quantifying robustness bias of models. Overall, our tools provide a complementary view to robustness, improving our ability to characterize model behaviour.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Deep learning ; Estimators ; Linear functions ; Machine learning ; Perturbation ; Robustness (mathematics)</subject><ispartof>arXiv.org, 2024-07</ispartof><rights>2024. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/2842691727?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>780,784,25753,37012,44590</link.rule.ids></links><search><creatorcontrib>Han, Tessa</creatorcontrib><creatorcontrib>Srinivas, Suraj</creatorcontrib><creatorcontrib>Lakkaraju, Himabindu</creatorcontrib><title>Characterizing Data Point Vulnerability via Average-Case Robustness</title><title>arXiv.org</title><description>Studying the robustness of machine learning models is important to ensure consistent model behaviour across real-world settings. To this end, adversarial robustness is a standard framework, which views robustness of predictions through a binary lens: either a worst-case adversarial misclassification exists in the local region around an input, or it does not. However, this binary perspective does not account for the degrees of vulnerability, as data points with a larger number of misclassified examples in their neighborhoods are more vulnerable. In this work, we consider a complementary framework for robustness, called average-case robustness, which measures the fraction of points in a local region that provides consistent predictions. However, computing this quantity is hard, as standard Monte Carlo approaches are inefficient especially for high-dimensional inputs. In this work, we propose the first analytical estimators for average-case robustness for multi-class classifiers. We show empirically that our estimators are accurate and efficient for standard deep learning models and demonstrate their usefulness for identifying vulnerable data points, as well as quantifying robustness bias of models. Overall, our tools provide a complementary view to robustness, improving our ability to characterize model behaviour.</description><subject>Deep learning</subject><subject>Estimators</subject><subject>Linear functions</subject><subject>Machine learning</subject><subject>Perturbation</subject><subject>Robustness (mathematics)</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><recordid>eNqNjrEKwjAURYMgWLT_EHAutC-20VGi4igiruVVYk0pieYlBf16O_gBTpfDOcOdsASEKLL1CmDGUqIuz3OoJJSlSJhSD_R4C9qbj7Et32FAfnLGBn6NvdUeG9Ob8OaDQb4dRm51ppA0P7smUrCaaMGmd-xJp7-ds-Vhf1HH7OndK2oKdeeit6OqYXxRbQoJUvxXfQEOZzpg</recordid><startdate>20240708</startdate><enddate>20240708</enddate><creator>Han, Tessa</creator><creator>Srinivas, Suraj</creator><creator>Lakkaraju, Himabindu</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20240708</creationdate><title>Characterizing Data Point Vulnerability via Average-Case Robustness</title><author>Han, Tessa ; Srinivas, Suraj ; Lakkaraju, Himabindu</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_28426917273</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Deep learning</topic><topic>Estimators</topic><topic>Linear functions</topic><topic>Machine learning</topic><topic>Perturbation</topic><topic>Robustness (mathematics)</topic><toplevel>online_resources</toplevel><creatorcontrib>Han, Tessa</creatorcontrib><creatorcontrib>Srinivas, Suraj</creatorcontrib><creatorcontrib>Lakkaraju, Himabindu</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>ProQuest Central Essentials</collection><collection>AUTh Library subscriptions: ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database (ProQuest Open Access資料庫)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Han, Tessa</au><au>Srinivas, Suraj</au><au>Lakkaraju, Himabindu</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Characterizing Data Point Vulnerability via Average-Case Robustness</atitle><jtitle>arXiv.org</jtitle><date>2024-07-08</date><risdate>2024</risdate><eissn>2331-8422</eissn><abstract>Studying the robustness of machine learning models is important to ensure consistent model behaviour across real-world settings. To this end, adversarial robustness is a standard framework, which views robustness of predictions through a binary lens: either a worst-case adversarial misclassification exists in the local region around an input, or it does not. However, this binary perspective does not account for the degrees of vulnerability, as data points with a larger number of misclassified examples in their neighborhoods are more vulnerable. In this work, we consider a complementary framework for robustness, called average-case robustness, which measures the fraction of points in a local region that provides consistent predictions. However, computing this quantity is hard, as standard Monte Carlo approaches are inefficient especially for high-dimensional inputs. In this work, we propose the first analytical estimators for average-case robustness for multi-class classifiers. We show empirically that our estimators are accurate and efficient for standard deep learning models and demonstrate their usefulness for identifying vulnerable data points, as well as quantifying robustness bias of models. Overall, our tools provide a complementary view to robustness, improving our ability to characterize model behaviour.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2024-07
issn 2331-8422
language eng
recordid cdi_proquest_journals_2842691727
source Publicly Available Content Database (ProQuest Open Access資料庫)
subjects Deep learning
Estimators
Linear functions
Machine learning
Perturbation
Robustness (mathematics)
title Characterizing Data Point Vulnerability via Average-Case Robustness
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-04T06%3A06%3A31IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Characterizing%20Data%20Point%20Vulnerability%20via%20Average-Case%20Robustness&rft.jtitle=arXiv.org&rft.au=Han,%20Tessa&rft.date=2024-07-08&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2842691727%3C/proquest%3E%3Cgrp_id%3Ecdi_FETCH-proquest_journals_28426917273%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2842691727&rft_id=info:pmid/&rfr_iscdi=true