%0 Journal Article %1 chen2020expand %A Chen, Lin %A Min, Yifei %A Zhang, Mingrui %A Karbasi, Amin %D 2020 %K adversarial %T More Data Can Expand the Generalization Gap Between Adversarially Robust and Standard Models %U http://arxiv.org/abs/2002.04725 %X Despite remarkable success in practice, modern machine learning models have been found to be susceptible to adversarial attacks that make human-imperceptible perturbations to the data, but result in serious and potentially dangerous prediction errors. To address this issue, practitioners often use adversarial training to learn models that are robust against such attacks at the cost of weaker generalization accuracy on unperturbed test sets. The conventional wisdom is that more training data should shrink the generalization gap between adversarially-trained models and standard models. However, we study the training of robust classifiers for both Gaussian and Bernoulli models under $\ell_ınfty$ attacks, and we prove that more data may actually increase this gap. Furthermore, our theoretical results identify if and when additional data will finally begin to shrink the gap. Lastly, we experimentally demonstrate that our results also hold for linear regression models, which may indicate that this phenomenon occurs more broadly.

@article{chen2020expand, abstract = {Despite remarkable success in practice, modern machine learning models have been found to be susceptible to adversarial attacks that make human-imperceptible perturbations to the data, but result in serious and potentially dangerous prediction errors. To address this issue, practitioners often use adversarial training to learn models that are robust against such attacks at the cost of weaker generalization accuracy on unperturbed test sets. The conventional wisdom is that more training data should shrink the generalization gap between adversarially-trained models and standard models. However, we study the training of robust classifiers for both Gaussian and Bernoulli models under $\ell_\infty$ attacks, and we prove that more data may actually increase this gap. Furthermore, our theoretical results identify if and when additional data will finally begin to shrink the gap. Lastly, we experimentally demonstrate that our results also hold for linear regression models, which may indicate that this phenomenon occurs more broadly.}, added-at = {2020-02-13T12:06:31.000+0100}, author = {Chen, Lin and Min, Yifei and Zhang, Mingrui and Karbasi, Amin}, biburl = {https://www.bibsonomy.org/bibtex/2030e4e1be1553a51db8dd26e6864d215/kirk86}, description = {[2002.04725] More Data Can Expand the Generalization Gap Between Adversarially Robust and Standard Models}, interhash = {810f429197a3aafd2734e4deaa3b4035}, intrahash = {030e4e1be1553a51db8dd26e6864d215}, keywords = {adversarial}, note = {cite arxiv:2002.04725Comment: First two authors contributed equally}, timestamp = {2020-02-13T12:06:31.000+0100}, title = {More Data Can Expand the Generalization Gap Between Adversarially Robust and Standard Models}, url = {http://arxiv.org/abs/2002.04725}, year = 2020 }