Towards Robust and Reliable Machine Learning: Theory and Algorithms

Abstract

Machine learning models, especially deep neural networks, have achieved impressive performance across a variety of domains including image classification, natural language processing, and speech recognition. However, recent examples have shown that these models are susceptible to test-time shift such as adversarial attacks or distributional shift. Additionally, machine learning algorithms require having access to personal data, and the learned model can be discriminatory with respect to minority social groups, raising privacy and fairness risks. To tackle these issues, in this thesis, we study several topics on robustness and reliability in machine learning, with a focus on generalization, adversarial examples, distributional robustness and fairness (privacy).

We start with the generalization problem in recurrent neural networks. We propose new generalization bounds for recurrent neural networks based on matrix 1-norm and Fisher-Rao norm. Our bound has no explicit dependency on the size of networks and can potentially explain the effect of noise training on generalization of recurrent neural networks as demonstrated by our empirical results. We then move forward to dataset shift robustness, which involves adversarial examples and distributional shift. For adversarial examples, we theoretically analyze the adversarially robust generalization properties of machine learning models. For distributional shift, we focus on learning a robust model and propose new algorithms to solve Wasserstein distributionally robust optimization problem which apply to arbitrary level of robustness and general loss functions. Lastly, to ensure both privacy and fairness, we present a fairness-aware federated learning framework and provide an efficient and provably convergent algorithm to solve it. Experimental results show that our method can lead to significant benefits in practice in terms of both accuracy and fairness.