Reducing Adversarially Robust Learning to Non-Robust PAC Learning
We study the problem of reducing adversarially robust learning to standard PAC learning, i.e. the complexity of learning adversarially robust predictors using access to only a black-box non-robust learner. We give a reduction that can robustly learn any hypothesis class 𝒞 using any non-robust learner 𝒜 for 𝒞. The number of calls to 𝒜 depends logarithmically on the number of allowed adversarial perturbations per example, and we give a lower bound showing this is unavoidable.
READ FULL TEXT