{"id":"https://openalex.org/W3131646897","doi":"https://doi.org/10.1109/icmla51294.2020.00117","title":"Lower Bounds for Adversarially Robust PAC Learning under Evasion and Hybrid Attacks","display_name":"Lower Bounds for Adversarially Robust PAC Learning under Evasion and Hybrid Attacks","publication_year":2020,"publication_date":"2020-12-01","ids":{"openalex":"https://openalex.org/W3131646897","doi":"https://doi.org/10.1109/icmla51294.2020.00117","mag":"3131646897"},"language":"en","primary_location":{"id":"doi:10.1109/icmla51294.2020.00117","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla51294.2020.00117","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 19th IEEE International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074847249","display_name":"Dimitrios I. Diochnos","orcid":"https://orcid.org/0000-0002-2934-606X"},"institutions":[{"id":"https://openalex.org/I8692664","display_name":"University of Oklahoma","ror":"https://ror.org/02aqsxs83","country_code":"US","type":"education","lineage":["https://openalex.org/I8692664"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Dimitrios I. Diochnos","raw_affiliation_strings":["University of Oklahoma"],"affiliations":[{"raw_affiliation_string":"University of Oklahoma","institution_ids":["https://openalex.org/I8692664"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049153799","display_name":"Saeed Mahloujifar","orcid":"https://orcid.org/0000-0001-6586-8378"},"institutions":[{"id":"https://openalex.org/I2800565835","display_name":"Princeton Public Schools","ror":"https://ror.org/041m1e551","country_code":"US","type":"education","lineage":["https://openalex.org/I2800565835"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Saeed Mahloujifar","raw_affiliation_strings":["Princeton"],"affiliations":[{"raw_affiliation_string":"Princeton","institution_ids":["https://openalex.org/I2800565835"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070147229","display_name":"Mohammad Mahmoody","orcid":"https://orcid.org/0000-0002-6839-4697"},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mohammad Mahmoody","raw_affiliation_strings":["University of Virginia"],"affiliations":[{"raw_affiliation_string":"University of Virginia","institution_ids":["https://openalex.org/I51556381"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5074847249"],"corresponding_institution_ids":["https://openalex.org/I8692664"],"apc_list":null,"apc_paid":null,"fwci":0.1326,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.58151981,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"abs 1704 1155","issue":null,"first_page":"717","last_page":"722"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12072","display_name":"Machine Learning and Algorithms","score":0.9836000204086304,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.973800003528595,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/bounded-function","display_name":"Bounded function","score":0.695094108581543},{"id":"https://openalex.org/keywords/discrete-mathematics","display_name":"Discrete mathematics","score":0.48668962717056274},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.47587862610816956},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4718087911605835},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.4667637050151825},{"id":"https://openalex.org/keywords/dimension","display_name":"Dimension (graph theory)","score":0.4524277150630951},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.45105046033859253},{"id":"https://openalex.org/keywords/sublinear-function","display_name":"Sublinear function","score":0.41879579424858093},{"id":"https://openalex.org/keywords/combinatorics","display_name":"Combinatorics","score":0.39848780632019043},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.34037405252456665},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21971580386161804}],"concepts":[{"id":"https://openalex.org/C34388435","wikidata":"https://www.wikidata.org/wiki/Q2267362","display_name":"Bounded function","level":2,"score":0.695094108581543},{"id":"https://openalex.org/C118615104","wikidata":"https://www.wikidata.org/wiki/Q121416","display_name":"Discrete mathematics","level":1,"score":0.48668962717056274},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.47587862610816956},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4718087911605835},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.4667637050151825},{"id":"https://openalex.org/C33676613","wikidata":"https://www.wikidata.org/wiki/Q13415176","display_name":"Dimension (graph theory)","level":2,"score":0.4524277150630951},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.45105046033859253},{"id":"https://openalex.org/C117160843","wikidata":"https://www.wikidata.org/wiki/Q338652","display_name":"Sublinear function","level":2,"score":0.41879579424858093},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.39848780632019043},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.34037405252456665},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21971580386161804},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icmla51294.2020.00117","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla51294.2020.00117","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 19th IEEE International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":81,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W1573820523","https://openalex.org/W1673923490","https://openalex.org/W1905905554","https://openalex.org/W1945616565","https://openalex.org/W1968998685","https://openalex.org/W2101930583","https://openalex.org/W2112507308","https://openalex.org/W2144324158","https://openalex.org/W2180443860","https://openalex.org/W2607219512","https://openalex.org/W2748789698","https://openalex.org/W2799031776","https://openalex.org/W2799032899","https://openalex.org/W2803732607","https://openalex.org/W2807539765","https://openalex.org/W2894553193","https://openalex.org/W2897297967","https://openalex.org/W2897355816","https://openalex.org/W2898193427","https://openalex.org/W2900771463","https://openalex.org/W2915022044","https://openalex.org/W2962797544","https://openalex.org/W2962902183","https://openalex.org/W2962972504","https://openalex.org/W2963203412","https://openalex.org/W2963289726","https://openalex.org/W2963343288","https://openalex.org/W2963344237","https://openalex.org/W2963353335","https://openalex.org/W2963777481","https://openalex.org/W2963857521","https://openalex.org/W2964082701","https://openalex.org/W2964116600","https://openalex.org/W2964253222","https://openalex.org/W2965341833","https://openalex.org/W2970273067","https://openalex.org/W2982567760","https://openalex.org/W3006307757","https://openalex.org/W3034734289","https://openalex.org/W3103836116","https://openalex.org/W3103940881","https://openalex.org/W3137304074","https://openalex.org/W4238893454","https://openalex.org/W4288602039","https://openalex.org/W4288618201","https://openalex.org/W4289362790","https://openalex.org/W4293846201","https://openalex.org/W4294597994","https://openalex.org/W4298140072","https://openalex.org/W4298214305","https://openalex.org/W4394644156","https://openalex.org/W6637162671","https://openalex.org/W6639907026","https://openalex.org/W6640425456","https://openalex.org/W6676935882","https://openalex.org/W6681561666","https://openalex.org/W6683603133","https://openalex.org/W6736207377","https://openalex.org/W6739868092","https://openalex.org/W6743581629","https://openalex.org/W6745621080","https://openalex.org/W6748347497","https://openalex.org/W6750462152","https://openalex.org/W6750689634","https://openalex.org/W6750707585","https://openalex.org/W6751762734","https://openalex.org/W6752396841","https://openalex.org/W6754248458","https://openalex.org/W6755282202","https://openalex.org/W6755310938","https://openalex.org/W6755485836","https://openalex.org/W6755817764","https://openalex.org/W6755829279","https://openalex.org/W6756245880","https://openalex.org/W6758889092","https://openalex.org/W6759410175","https://openalex.org/W6763421666","https://openalex.org/W6767458029","https://openalex.org/W6774357917","https://openalex.org/W6864546407"],"related_works":["https://openalex.org/W90906771","https://openalex.org/W2018828772","https://openalex.org/W2529185025","https://openalex.org/W2052708136","https://openalex.org/W2809723425","https://openalex.org/W2005302727","https://openalex.org/W4289097813","https://openalex.org/W3082028334","https://openalex.org/W1973725449","https://openalex.org/W4310831791"],"abstract_inverted_index":{"In":[0,15],"this":[1],"work,":[2],"we":[3,176],"study":[4],"probably":[5],"approximately":[6],"correct":[7],"(PAC)":[8],"learning":[9,126,211],"under":[10,101,215],"general":[11,180],"perturbation-based":[12],"adversarial":[13],"attacks.":[14,164],"the":[16,26,51,58,65,108,122,134,145,179,204,224,229],"most":[17],"basic":[18],"setting,":[19],"referred":[20],"to":[21,30,112,115,202,228],"as":[22],"an":[23,32],"evasion":[24,146,163,185],"attack,":[25],"adversary's":[27,184],"goal":[28],"is":[29,50,57,67,70,110,131,148,159,187,212,221],"misclassify":[31],"honestly":[33],"sampled":[34],"point":[35],"x":[36],"by":[37,77,150,161,190],"adversarially":[38],"perturbing":[39],"it":[40,220],"into":[41],"x\u0303,":[42],"i.e.,":[43],"h(x\u0303)":[44],"=":[45],"\u2260":[46],"c(x\u0303),":[47],"where":[48],"c":[49],"ground":[52],"truth":[53],"concept":[54],"and":[55,200],"h":[56],"learned":[59],"hypothesis.":[60],"The":[61],"only":[62,188],"limitation":[63],"on":[64,178,197],"adversary":[66,109],"that":[68,84,130,209],"x\u0303":[69],"not":[71],"\u201ctoo":[72],"far\u201d":[73],"from":[74],"x,":[75],"controlled":[76,189],"a":[78,116,151,156,191],"metric":[79],"measure.":[80],"We":[81,138,207],"first":[82],"prove":[83],"for":[85],"many":[86],"theoretically":[87],"natural":[88],"input":[89],"spaces":[90],"of":[91,119,167,194],"high":[92],"dimension":[93,99,136,199],"n":[94,100],"(e.g.,":[95,226],"isotropic":[96],"Gaussian":[97],"in":[98,121,133,143,154,182],"\u2113":[102],"<sub":[103],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[104],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">2</sub>":[105],"perturbations),":[106],"if":[107],"allowed":[111],"apply":[113],"up":[114],"sublinear":[117],"amount":[118,193],"perturbations":[120],"expected":[123],"norm,":[124],"PAC":[125,210],"requires":[127],"sample":[128],"complexity":[129],"exponential":[132],"data":[135,198],"n.":[137],"then":[139],"formalize":[140],"hybrid":[141,168,217],"attacks":[142,169],"which":[144,155,183],"attack":[147,153,186,225],"preceded":[149],"poisoning":[152,157],"phase":[158],"followed":[160],"specific":[162],"Special":[165],"forms":[166],"include":[170],"so-called":[171],"\u201cbackdoor":[172],"attacks\u201d":[173],"but":[174],"here":[175],"focus":[177],"setting":[181],"pre-specified":[192],"perturbation":[195],"based":[196],"aim":[201],"misclassifying":[203],"perturbed":[205],"instances.":[206],"show":[208],"sometimes":[213],"impossible":[214],"such":[216],"attacks,":[218],"while":[219],"possible":[222],"without":[223],"due":[227],"bounded":[230],"VC":[231],"dimension).":[232]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}