Machine Learning under Adversaries: How Structure in Data Helps by Ambar Pal

Venue: SIT001

Abstract: This talk overviews recent results in the theoretical foundations of adversarially robust machine learning. Modern ML classifiers can fail spectacularly when subject to specially crafted input-perturbations, called adversarial examples. On the other hand, humans are quite robust for several tasks involving vision. Motivated by this contrast, in the first part of this talk we will take a deeper dive into the question of when exactly adversarial examples can be avoided. We will see that a key property of the data distribution — localization on small volume subsets of the input space — characterizes whether any robust classifier exists. In the second part of this talk, we will empirically instantiate these results for a few localized data distributions, and demonstrate that utilizing such structure in data leads to practical classifiers that enjoy better provable robustness guarantees in several regimes. This talk is based on work at NeurIPS ’23, ’20 and TMLR ’23, ’24.

Bio: Ambar Pal is a scientist at Amazon Responsible AI. He received his PhD in Computer Science from the Johns Hopkins University. His current research is in the foundations of robust machine learning where he develops the theory and practice of tools that closely utilize structure in data for robust machine learning. His research has been awarded the CPAL rising star award and fellowships from JHU and Amazon.