Robust machine learning formulations have emerged to address the prevalent vulnerability of deep neural networks to adversarial examples. Our work draws the connection between optimal robust learning and the privacy-utility tradeoff problem, which is a generalization of the rate-distortion problem. The saddle point of the game between a robust classifier and an adversarial perturbation can be found via the solution of a maximum conditional entropy problem. This information-theoretic perspective sheds light on the fundamental tradeoff between robustness and clean data performance, which ultimately arises from the geometric structure of the underlying data distribution and perturbation constraints.

翻译：为解决深神经网络普遍易受对抗性实例影响的问题,出现了强有力的机器学习配方,以解决深神经网络普遍易受对抗性实例影响的问题。我们的工作将最佳稳健学习与隐私-利用权权衡问题(即对率扭曲问题的概括化)联系起来。强大的分类器和对抗性扰动之间的游戏搭载点可以通过解决最大有条件的最小诱变问题找到。这种信息理论视角揭示了稳健性和清洁数据性能之间的根本权衡,最终产生于基本数据分布的几何结构以及扰动限制。