Machine learning researchers have long observed that model training is more effective and efficient when the training samples are densely sampled around the underlying decision boundary. While this observation has been widely applied in a range of machine learning security techniques, its correctness has not been analyzed theoretically. To address this challenge, we first add particular perturbations to the original training examples using adversarial attack methods so that the generated examples lie approximately on the decision boundary of the ML classifiers. We then investigate the connections between active learning and these particular training examples. By analyzing various representative classifiers such as k-NN classifiers, kernel methods, and deep neural networks, we establish a theoretical foundation for the observation. As a result, our theoretical proofs provide support for more efficient active learning methods with the help of adversarial examples, in contrast to previous works where adversarial examples are often used as destructive solutions. Experimental results show that the established theoretical foundation will guide better active learning strategies based on adversarial examples.