18 research outputs found
A rational conjugate gradient method for linear ill-conditioned problems
We consider linear ill-conditioned operator equations in a Hilbert space
setting. Motivated by the aggregation method, we consider approximate solutions
constructed from linear combinations of Tikhonov regularization, which amounts
to finding solutions in a rational Krylov space. By mixing these with usual
Krylov spaces, we consider a least-squares problem in these mixed rational
spaces. Applying the Arnoldi method leads to a sparse, pentadiagonal
representation of the forward operator, and we introduce the Lanczos method for
solving the least-squares problem by factorizing this matrix. Finally, we
present an equivalent conjugate-gradient-type method that does not rely on
explicit orthogonalization but uses short-term recursions and Tikhonov
regularization in each second step. We illustrate the convergence and
regularization properties with some numerical examples.
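The core idea of building approximate solutions from Tikhonov-regularized solves for several parameters and then solving a least-squares problem over their span can be sketched as follows (a minimal illustration with assumed names; the paper's actual method works in mixed rational Krylov spaces with short-term recursions):

```python
import numpy as np

def tikhonov_solution(A, b, alpha):
    """Solve the Tikhonov normal equations (A^T A + alpha I) x = A^T b."""
    n = A.shape[1]
    return np.linalg.solve(A.T @ A + alpha * np.eye(n), A.T @ b)

rng = np.random.default_rng(0)
A = rng.standard_normal((20, 10))
b = A @ rng.standard_normal(10)

# One Tikhonov solution per regularization parameter; their linear
# combinations span a (purely) rational Krylov space.
basis = [tikhonov_solution(A, b, alpha) for alpha in (1e-1, 1e-2, 1e-3)]
S = np.column_stack(basis)

# Least-squares aggregation over the span: min_c || A S c - b ||.
coeffs, *_ = np.linalg.lstsq(A @ S, b, rcond=None)
x_agg = S @ coeffs
```

By construction, the aggregated residual is never worse than that of any single Tikhonov solution, since each basis vector lies in the span being minimized over.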
General regularization in covariate shift adaptation
Sample reweighting is one of the most widely used methods for correcting the
error of least squares learning algorithms in reproducing kernel Hilbert spaces
(RKHS) that is caused by a future data distribution differing from the
training data distribution. In practical situations, the sample weights are
determined by values of the estimated Radon-Nikodym derivative of the future
data distribution w.r.t. the training data distribution. In this work, we
review known error bounds for reweighted kernel regression in RKHS and obtain,
by combination, novel results. We show, under weak smoothness conditions, that
the number of samples needed to achieve the same order of accuracy as in
standard supervised learning without differences in data distributions is
smaller than established by state-of-the-art analyses.
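A minimal sketch of the reweighting idea (illustrative kernel and names; the paper's analysis concerns general regularization schemes): each training residual in kernel ridge regression is weighted by an estimate w(x_i) of the Radon-Nikodym derivative of the future data distribution w.r.t. the training distribution.

```python
import numpy as np

def gaussian_kernel(X, Y, sigma=1.0):
    """Gaussian RBF kernel matrix between row-sample arrays X and Y."""
    d2 = ((X[:, None, :] - Y[None, :, :]) ** 2).sum(-1)
    return np.exp(-d2 / (2.0 * sigma ** 2))

def weighted_kernel_ridge(X, y, w, lam=1e-3, sigma=1.0):
    """Fit f(x) = sum_i c_i k(x, x_i) minimizing
    sum_i w_i (f(x_i) - y_i)^2 + lam * ||f||_RKHS^2."""
    n = len(y)
    K = gaussian_kernel(X, X, sigma)
    # First-order condition (K assumed invertible): (W K + lam I) c = W y.
    c = np.linalg.solve(np.diag(w) @ K + lam * np.eye(n), w * y)
    return lambda Xq: gaussian_kernel(Xq, X, sigma) @ c

X = np.linspace(0.0, 1.0, 12)[:, None]
y = np.sin(2 * np.pi * X[:, 0])
# Unit weights recover ordinary kernel ridge regression.
f = weighted_kernel_ridge(X, y, w=np.ones(12), lam=1e-6, sigma=0.2)
```

With non-uniform weights, training points likely under the future distribution simply count more in the fit; everything else stays standard kernel ridge regression.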
On regularized Radon-Nikodym differentiation
We discuss the problem of estimating Radon-Nikodym derivatives. This problem
appears in various applications, such as covariate shift adaptation,
likelihood-ratio testing, mutual information estimation, and conditional
probability estimation. To address the above problem, we employ the general
regularization scheme in reproducing kernel Hilbert spaces. The convergence
rate of the corresponding regularized algorithm is established by taking into
account both the smoothness of the derivative and the capacity of the space in
which it is estimated. This is done in terms of general source conditions and
the regularized Christoffel functions. We also find that the reconstruction of
Radon-Nikodym derivatives at any particular point can be done with high order
of accuracy. Our theoretical results are illustrated by numerical simulations.
Comment: arXiv admin note: text overlap with arXiv:2307.1150
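One concrete instance of such a regularized scheme is a least-squares density-ratio estimator in an RKHS (a uLSIF-style sketch with assumed names; the paper treats general regularization schemes and general source conditions):

```python
import numpy as np

def gaussian_kernel(X, Y, sigma=1.0):
    """Gaussian RBF kernel matrix between row-sample arrays X and Y."""
    d2 = ((X[:, None, :] - Y[None, :, :]) ** 2).sum(-1)
    return np.exp(-d2 / (2.0 * sigma ** 2))

def density_ratio(X_tr, X_te, centers, lam=1e-3, sigma=1.0):
    """Estimate beta = dP_test/dP_train with beta(x) = sum_l c_l k(x, c_l);
    the coefficients solve a ridge-regularized least-squares problem
    (Tikhonov regularization, one instance of the general scheme)."""
    Phi_tr = gaussian_kernel(X_tr, centers, sigma)  # (n, L)
    Phi_te = gaussian_kernel(X_te, centers, sigma)  # (m, L)
    H = Phi_tr.T @ Phi_tr / len(X_tr)               # empirical second moment
    h = Phi_te.mean(axis=0)                         # empirical test-mean embedding
    c = np.linalg.solve(H + lam * np.eye(len(centers)), h)
    return lambda X: gaussian_kernel(X, centers, sigma) @ c

rng = np.random.default_rng(1)
X_tr = rng.standard_normal((300, 1))
X_te = rng.standard_normal((300, 1))  # same law, so the true ratio is 1
beta = density_ratio(X_tr, X_te, centers=X_tr[:50])
vals = beta(X_tr)
```

Since the estimate at any query point is a smooth kernel expansion, pointwise evaluation of the derivative comes for free once the coefficients are fitted.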
Rethinking data augmentation for adversarial robustness
Recent work has proposed novel data augmentation methods to improve the adversarial robustness of deep neural networks. In this paper, we re-evaluate such methods through the lens of different metrics that characterize the augmented manifold, finding contradictory evidence. Our extensive empirical analysis involving 5 data augmentation methods, all tested with an increasing probability of augmentation, shows that: (i) novel data augmentation methods proposed to improve adversarial robustness only improve it when combined with classical augmentations (like image flipping and rotation), and even worsen adversarial robustness if used in isolation; and (ii) adversarial robustness is significantly affected by the augmentation probability, contrary to what is claimed in recent work. We conclude by discussing how to rethink the development and evaluation of novel data augmentation methods for adversarial robustness. Our open-source code is available at https://github.com/eghbalz/rethink_da_for_a
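The augmentation probability that the study sweeps is a simple stochastic knob in the data pipeline, which might be sketched generically as (illustrative names, not the paper's code):

```python
import random

def augment_with_probability(sample, augment, p, rng=None):
    """Apply `augment` to `sample` with probability p, else return it
    unchanged. Sweeping p is the knob whose effect on adversarial
    robustness the study measures."""
    rng = rng or random
    return augment(sample) if rng.random() < p else sample

rng = random.Random(0)
# Toy demonstration: "augmenting" the scalar 1.0 by negation, p = 0.5.
out = [augment_with_probability(x, lambda s: -s, 0.5, rng) for x in [1.0] * 1000]
```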
Addressing Parameter Choice Issues in Unsupervised Domain Adaptation by Aggregation
We study the problem of choosing algorithm hyper-parameters in unsupervised
domain adaptation, i.e., with labeled data in a source domain and unlabeled
data in a target domain, drawn from a different input distribution. We follow
the strategy of computing several models using different hyper-parameters and
subsequently computing a linear aggregation of the models. While several
heuristics exist that follow this strategy, methods that rely on rigorous
theory for bounding the target error are still missing. To this end, we propose a
method that extends weighted least squares to vector-valued functions, e.g.,
deep neural networks. We show that the target error of the proposed algorithm
is asymptotically not worse than twice the error of the unknown optimal
aggregation. We also perform a large-scale empirical comparative study on
several datasets, including text, images, electroencephalogram, body sensor
signals and signals from mobile phones. Our method outperforms deep embedded
validation (DEV) and importance weighted validation (IWV) on all datasets,
setting a new state-of-the-art performance for solving parameter choice issues
in unsupervised domain adaptation with theoretical error guarantees. We further
study several competitive heuristics, all outperforming IWV and DEV on at least
five datasets. However, our method outperforms each heuristic on at least five
of seven datasets.
Comment: Oral talk (notable-top-5%) at International Conference On Learning
Representations (ICLR), 202
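The aggregation step, a linear combination of candidate models fitted by (importance-)weighted least squares on labeled source data, might be sketched as follows (illustrative names; the paper's method extends this to vector-valued functions such as deep networks):

```python
import numpy as np

def aggregate_models(preds, y, w):
    """Fit aggregation coefficients c minimizing
    sum_i w_i (preds[i] . c - y[i])^2.
    preds: (n, k) predictions of k candidate models on n labeled source
    points; w: per-sample weights, e.g. an estimated target/source ratio."""
    sw = np.sqrt(w)
    coef, *_ = np.linalg.lstsq(preds * sw[:, None], y * sw, rcond=None)
    return coef

rng = np.random.default_rng(2)
y = rng.standard_normal(50)
preds = np.column_stack([
    y + 0.01 * rng.standard_normal(50),  # nearly correct candidate model
    rng.standard_normal(50),             # uninformative candidate model
])
coef = aggregate_models(preds, y, np.ones(50))
```

With uniform weights this reduces to ordinary least squares over model outputs; in the domain-adaptation setting the weights would reweight source samples toward the target distribution.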
Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning
The success of machine learning is fueled by the increasing availability of computing power and large training datasets. The training data is used to learn new models or update existing ones, assuming that it is sufficiently representative of the data that will be encountered at test time. This assumption is challenged by the threat of poisoning, an attack that manipulates the training data to compromise the model's performance at test time. Although poisoning has been acknowledged as a relevant threat in industry applications, and a variety of different attacks and defenses have been proposed so far, a complete systematization and critical review of the field is still missing. In this survey, we provide a comprehensive systematization of poisoning attacks and defenses in machine learning, reviewing more than 100 papers published in the field in the last 15 years. We start by categorizing the current threat models and attacks, and then organize existing defenses accordingly. While we focus mostly on computer-vision applications, we argue that our systematization also encompasses state-of-the-art attacks and defenses for other data modalities. Finally, we discuss existing resources for research in poisoning, and shed light on the current limitations and open research questions in this field.