Poster
Unlabeled Data Improves Adversarial Robustness
Yair Carmon · Aditi Raghunathan · Ludwig Schmidt · John Duchi · Percy Liang
Wed Dec 11 10:45 AM -- 12:45 PM (PST) @ East Exhibition Hall B + C #34
We demonstrate, theoretically and empirically, that adversarial robustness can significantly benefit from semisupervised learning. Theoretically, we revisit the simple Gaussian model of Schmidt et al. that shows a sample complexity gap between standard and robust classification. We prove that unlabeled data bridges this gap: a simple semisupervised learning procedure (self-training) achieves high robust accuracy using the same number of labels required for achieving high standard accuracy. Empirically, we augment CIFAR-10 with 500K unlabeled images sourced from 80 Million Tiny Images and use robust self-training to outperform state-of-the-art robust accuracies by over 5 points in (i) $\ell_\infty$ robustness against several strong attacks via adversarial training and (ii) certified $\ell_2$ and $\ell_\infty$ robustness via randomized smoothing. On SVHN, adding the dataset's own extra training set with the labels removed provides gains of 4 to 10 points, within 1 point of the gain from using the extra labels.
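The theoretical claim can be checked numerically. The following is an added example, not code from the paper or its authors: it draws data from a Gaussian model $x \sim \mathcal{N}(y\theta, \sigma^2 I)$, fits a linear classifier from a few labels, self-trains it on pseudo-labeled unlabeled points, and evaluates $\ell_\infty$ robust accuracy in closed form. The dimension, noise level, $\epsilon$ and sample sizes are constructed for illustration and are not the paper's parameter regime.

```python
import math
import random

def phi(z):
    # Standard normal CDF.
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))

def dot(a, b):
    return sum(p * q for p, q in zip(a, b))

def robust_accuracy(w, theta, sigma, eps):
    # For the classifier sign(<w, x>) the worst l_inf perturbation of size eps
    # lowers the margin y*<w, x> by eps*||w||_1, and y*<w, x> is Gaussian with
    # mean <w, theta> and std sigma*||w||_2, so the accuracy is closed-form.
    l1 = sum(abs(c) for c in w)
    l2 = math.sqrt(dot(w, w))
    return phi((dot(w, theta) - eps * l1) / (sigma * l2))

def sample(rng, theta, sigma, n):
    # n draws of (x, y) with y uniform in {-1, +1} and x ~ N(y*theta, sigma^2 I).
    pairs = []
    for _ in range(n):
        y = rng.choice((-1, 1))
        pairs.append(([y * t + rng.gauss(0.0, sigma) for t in theta], y))
    return pairs

def mean_estimator(pairs):
    # w = average of y*x, the simple estimator of theta.
    d = len(pairs[0][0])
    return [sum(y * x[j] for x, y in pairs) / len(pairs) for j in range(d)]

def run(seed=0, d=200, sigma=3.0, eps=0.3, n_labeled=2, n_unlabeled=2000):
    # All parameter values here are constructed for the illustration.
    rng = random.Random(seed)
    theta = [1.0] * d
    # Step 1: supervised classifier from the few labeled points.
    w_sup = mean_estimator(sample(rng, theta, sigma, n_labeled))
    # Step 2: pseudo-label unlabeled points (true labels are discarded).
    unlabeled = [x for x, _ in sample(rng, theta, sigma, n_unlabeled)]
    pseudo = [(x, 1 if dot(w_sup, x) >= 0 else -1) for x in unlabeled]
    # Step 3: refit on the pseudo-labeled data (self-training).
    w_self = mean_estimator(pseudo)
    return {
        "sup_std": robust_accuracy(w_sup, theta, sigma, 0.0),
        "sup_rob": robust_accuracy(w_sup, theta, sigma, eps),
        "self_rob": robust_accuracy(w_self, theta, sigma, eps),
    }

if __name__ == "__main__":
    print(run())
```

With these settings the label-only classifier has high standard accuracy but noticeably lower robust accuracy, and self-training on the unlabeled points closes most of that gap without any additional labels.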
Author Information
Yair Carmon (Stanford University)
Aditi Raghunathan (Stanford University)
Ludwig Schmidt (UC Berkeley)
John Duchi (Stanford)
Percy Liang (Stanford University)
More from the Same Authors
- 2020 Poster: Neural Bridge Sampling for Evaluating Safety-Critical Autonomous Systems
  Aman Sinha · Matthew O'Kelly · Russ Tedrake · John Duchi
- 2020 Poster: Conic Descent and its Application to Memory-efficient Optimization over Positive Semidefinite Matrices
  John Duchi · Oliver Hinder · Andrew Naber · Yinyu Ye
- 2020 Poster: The Pitfalls of Simplicity Bias in Neural Networks
  Harshay Shah · Kaustav Tamuly · Aditi Raghunathan · Prateek Jain · Praneeth Netrapalli
- 2020 Poster: Acceleration with a Ball Optimization Oracle
  Yair Carmon · Arun Jambulapati · Qijia Jiang · Yujia Jin · Yin Tat Lee · Aaron Sidford · Kevin Tian
- 2020 Poster: Large-Scale Methods for Distributionally Robust Optimization
  Daniel Levy · Yair Carmon · John Duchi · Aaron Sidford
- 2020 Poster: Minibatch Stochastic Approximate Proximal Point Methods
  Hilal Asi · Karan Chadha · Gary Cheng · John Duchi
- 2020 Spotlight: Minibatch Stochastic Approximate Proximal Point Methods
  Hilal Asi · Karan Chadha · Gary Cheng · John Duchi
- 2020 Oral: Acceleration with a Ball Optimization Oracle
  Yair Carmon · Arun Jambulapati · Qijia Jiang · Yujia Jin · Yin Tat Lee · Aaron Sidford · Kevin Tian
- 2020 Poster: Instance-optimality in differential privacy via approximate inverse sensitivity mechanisms
  Hilal Asi · John Duchi
- 2020 Poster: Enabling certification of verification-agnostic networks via memory-efficient semidefinite programming
  Sumanth Dathathri · Krishnamurthy Dvijotham · Alexey Kurakin · Aditi Raghunathan · Jonathan Uesato · Rudy Bunel · Shreya Shankar · Jacob Steinhardt · Ian Goodfellow · Percy Liang · Pushmeet Kohli
- 2019 Poster: Variance Reduction for Matrix Games
  Yair Carmon · Yujia Jin · Aaron Sidford · Kevin Tian
- 2019 Oral: Variance Reduction for Matrix Games
  Yair Carmon · Yujia Jin · Aaron Sidford · Kevin Tian
- 2019 Poster: Model Similarity Mitigates Test Set Overuse
  Horia Mania · John Miller · Ludwig Schmidt · Moritz Hardt · Benjamin Recht
- 2019 Poster: A Meta-Analysis of Overfitting in Machine Learning
  Rebecca Roelofs · Vaishaal Shankar · Benjamin Recht · Sara Fridovich-Keil · Moritz Hardt · John Miller · Ludwig Schmidt
- 2019 Poster: Necessary and Sufficient Geometries for Gradient Methods
  Daniel Levy · John Duchi
- 2019 Oral: Necessary and Sufficient Geometries for Gradient Methods
  Daniel Levy · John Duchi
- 2018 Poster: Analysis of Krylov Subspace Solutions of Regularized Non-Convex Quadratic Problems
  Yair Carmon · John Duchi
- 2018 Oral: Analysis of Krylov Subspace Solutions of Regularized Non-Convex Quadratic Problems
  Yair Carmon · John Duchi
- 2018 Poster: Generalizing to Unseen Domains via Adversarial Data Augmentation
  Riccardo Volpi · Hongseok Namkoong · Ozan Sener · John Duchi · Vittorio Murino · Silvio Savarese
- 2018 Poster: Scalable End-to-End Autonomous Vehicle Testing via Rare-event Simulation
  Matthew O'Kelly · Aman Sinha · Hongseok Namkoong · Russ Tedrake · John Duchi
- 2018 Poster: Semidefinite relaxations for certifying robustness to adversarial examples
  Aditi Raghunathan · Jacob Steinhardt · Percy Liang
- 2017 Poster: Variance-based Regularization with Convex Objectives
  Hongseok Namkoong · John Duchi
- 2017 Poster: Learning Mixture of Gaussians with Streaming Data
  Aditi Raghunathan · Prateek Jain · Ravishankar Krishnawamy
- 2017 Oral: Variance-based Regularization with Convex Objectives
  Hongseok Namkoong · John Duchi
- 2017 Poster: Unsupervised Transformation Learning via Convex Relaxations
  Tatsunori Hashimoto · Percy Liang · John Duchi
- 2016 Poster: Local Minimax Complexity of Stochastic Convex Optimization
  Sabyasachi Chatterjee · John Duchi · John Lafferty · Yuancheng Zhu
- 2016 Poster: Stochastic Gradient Methods for Distributionally Robust Optimization with f-divergences
  Hongseok Namkoong · John Duchi
- 2016 Poster: Learning Kernels with Random Features
  Aman Sinha · John Duchi
- 2015 Poster: Asynchronous stochastic convex optimization: the noise is in the noise and SGD don't care
  Sorathan Chaturapruek · John Duchi · Christopher Ré
- 2013 Poster: Information-theoretic lower bounds for distributed statistical estimation with communication constraints
  Yuchen Zhang · John Duchi · Michael Jordan · Martin J Wainwright
- 2013 Oral: Information-theoretic lower bounds for distributed statistical estimation with communication constraints
  Yuchen Zhang · John Duchi · Michael Jordan · Martin J Wainwright
- 2013 Poster: Local Privacy and Minimax Bounds: Sharp Rates for Probability Estimation
  John Duchi · Martin J Wainwright · Michael Jordan
- 2013 Poster: Estimation, Optimization, and Parallelism when Data is Sparse
  John Duchi · Michael Jordan · Brendan McMahan
- 2012 Workshop: Big Learning : Algorithms, Systems, and Tools
  Sameer Singh · John Duchi · Yucheng Low · Joseph E Gonzalez
- 2012 Poster: Privacy Aware Learning
  John Duchi · Michael Jordan · Martin J Wainwright
- 2012 Poster: Communication-Efficient Algorithms for Statistical Optimization
  Yuchen Zhang · John Duchi · Martin J Wainwright
- 2012 Oral: Privacy Aware Learning
  John Duchi · Michael Jordan · Martin J Wainwright
- 2012 Poster: Finite Sample Convergence Rates of Zero-Order Stochastic Optimization Methods
  John Duchi · Michael Jordan · Martin J Wainwright · Andre Wibisono
- 2011 Poster: Distributed Delayed Stochastic Optimization
  Alekh Agarwal · John Duchi
- 2010 Workshop: Learning on Cores, Clusters, and Clouds
  Alekh Agarwal · Lawrence Cayton · Ofer Dekel · John Duchi · John Langford
- 2010 Spotlight: Distributed Dual Averaging In Networks
  John Duchi · Alekh Agarwal · Martin J Wainwright
- 2010 Poster: Distributed Dual Averaging In Networks
  John Duchi · Alekh Agarwal · Martin J Wainwright
- 2009 Poster: Efficient Learning using Forward-Backward Splitting
  John Duchi · Yoram Singer
- 2009 Oral: Efficient Learning using Forward-Backward Splitting
  John Duchi · Yoram Singer
- 2006 Poster: Using Combinatorial Optimization within Max-Product Belief Propagation
  John Duchi · Daniel Tarlow · Gal Elidan · Daphne Koller
- 2006 Spotlight: Using Combinatorial Optimization within Max-Product Belief Propagation
  John Duchi · Daniel Tarlow · Gal Elidan · Daphne Koller