We study the problem of sequential prediction in the stochastic setting with an adversary that is allowed to inject clean-label adversarial (or out-of-distribution) examples. Algorithms designed to handle purely stochastic data tend to fail in the presence of such adversarial examples, often leading to erroneous predictions. This is undesirable in many high-stakes applications such as medical recommendations, where abstaining from predictions on adversarial examples is preferable to misclassification. On the other hand, assuming fully adversarial data leads to very pessimistic bounds that are often vacuous in practice. To capture this motivation, we propose a new model of sequential prediction that sits between the purely stochastic and fully adversarial settings by allowing the learner to abstain from making a prediction at no cost on adversarial examples. Assuming access to the marginal distribution on the non-adversarial examples, we design a learner whose error scales with the VC dimension (mirroring the stochastic setting) of the hypothesis class, as opposed to the Littlestone dimension which characterizes the fully adversarial setting. Furthermore, we design a learner for VC dimension 1 classes, which works even in the absence of access to the marginal distribution. Our key technical contribution is a novel measure for quantifying uncertainty for learning VC classes, which may be of independent interest.