A new understanding of adversarial examples and adversarial robustness is proposedby decoupling the data generator and the label generator (which we call the teacher). Inour framework, adversarial robustness is a cond...A new understanding of adversarial examples and adversarial robustness is proposedby decoupling the data generator and the label generator (which we call the teacher). Inour framework, adversarial robustness is a conditional concept—the student model is notabsolutely robust, but robust with respect to the teacher. Based on the new understanding, we claim that adversarial examples exist because the student cannot obtain sufficientinformation of the teacher from the training data. Various ways of achieving robustness iscompared. Theoretical and numerical evidence shows that to efficiently attain robustness,a teacher that actively provides its information to the student may be necessary.展开更多
文摘A new understanding of adversarial examples and adversarial robustness is proposedby decoupling the data generator and the label generator (which we call the teacher). Inour framework, adversarial robustness is a conditional concept—the student model is notabsolutely robust, but robust with respect to the teacher. Based on the new understanding, we claim that adversarial examples exist because the student cannot obtain sufficientinformation of the teacher from the training data. Various ways of achieving robustness iscompared. Theoretical and numerical evidence shows that to efficiently attain robustness,a teacher that actively provides its information to the student may be necessary.
