6 research outputs found
LQR Control with Sparse Adversarial Disturbances
Recent developments in cyber-physical systems and event-triggered control
have led to an increased interest in the impact of sparse disturbances on
dynamical processes. We study Linear Quadratic Regulator (LQR) control under
sparse disturbances by analyzing three distinct policies: the blind online
policy, the disturbance-aware policy, and the optimal offline policy. We derive
the two-dimensional recurrence structure of the optimal disturbance-aware
policy, under the assumption that the controller has information about future
disturbance values with only a probabilistic model of their locations in time.
Under mild conditions, we show that the disturbance-aware policy converges to
the blind online policy if the number of disturbances grows sublinearly in the
time horizon. Finally, we provide a finite-horizon regret bound between the
blind online policy and optimal offline policy, which is proven to be quadratic
in the number of disturbances and in their magnitude. This provides a useful
characterization of the suboptimality of a standard LQR controller when
confronted with unexpected sparse perturbations.
Comment: 61st IEEE Conference on Decision and Contro
Projected Randomized Smoothing for Certified Adversarial Robustness
Randomized smoothing is the current state-of-the-art method for producing
provably robust classifiers. While randomized smoothing typically yields robust
-ball certificates, recent research has generalized provable robustness
to different norm balls as well as anisotropic regions. This work considers a
classifier architecture that first projects onto a low-dimensional
approximation of the data manifold and then applies a standard classifier. By
performing randomized smoothing in the low-dimensional projected space, we
characterize the certified region of our smoothed composite classifier back in
the high-dimensional input space and prove a tractable lower bound on its
volume. We show experimentally on CIFAR-10 and SVHN that classifiers without
the initial projection are vulnerable to perturbations that are normal to the
data manifold and yet are captured by the certified regions of our method. We
compare the volume of our certified regions against various baselines and show
that our method improves on the state-of-the-art by many orders of magnitude.
Comment: Transactions on Machine Learning Research (TMLR) 202
Initial State Interventions for Deconfounded Imitation Learning
Imitation learning suffers from causal confusion. This phenomenon occurs when
learned policies attend to features that do not causally influence the expert
actions but are instead spuriously correlated. Causally confused agents produce
low open-loop supervised loss but poor closed-loop performance upon deployment.
We consider the problem of masking observed confounders in a disentangled
representation of the observation space. Our novel masking algorithm leverages
the usual ability to intervene in the initial system state, avoiding any
requirement involving expert querying, expert reward functions, or causal graph
specification. Under certain assumptions, we theoretically prove that this
algorithm is conservative in the sense that it does not incorrectly mask
observations that causally influence the expert; furthermore, intervening on
the initial state serves to strictly reduce excess conservatism. The masking
algorithm is applied to behavior cloning for two illustrative control systems:
CartPole and Reacher.
Comment: 62nd IEEE Conference on Decision and Contro
Asymmetric Certified Robustness via Feature-Convex Neural Networks
Recent works have introduced input-convex neural networks (ICNNs) as learning
models with advantageous training, inference, and generalization properties
linked to their convex structure. In this paper, we propose a novel
feature-convex neural network architecture as the composition of an ICNN with a
Lipschitz feature map in order to achieve adversarial robustness. We consider
the asymmetric binary classification setting with one "sensitive" class, and
for this class we prove deterministic, closed-form, and easily-computable
certified robust radii for arbitrary -norms. We theoretically justify
the use of these models by characterizing their decision region geometry,
extending the universal approximation theorem for ICNN regression to the
classification setting, and proving a lower bound on the probability that such
models perfectly fit even unstructured uniformly distributed data in
sufficiently high dimensions. Experiments on Malimg malware classification and
subsets of MNIST, Fashion-MNIST, and CIFAR-10 datasets show that feature-convex
classifiers attain state-of-the-art certified -radii as well as
substantial - and -radii while being far more
computationally efficient than any competitive baseline.
Comment: 37th Conference on Neural Information Processing Systems (NeurIPS 2023