We study the problem of sequential prediction in the stochastic setting with an adversary that is allowed to inject clean-label adversarial (or out-of-distribution) examples. Algorithms designed to handle purely stochastic data tend to fail in the presence of such adversarial examples, often leading to erroneous predictions. This is undesirable in many high-stakes applications such as medical recommendations, where abstaining from predictions on adversarial examples is preferable to misclassification. On the other hand, assuming fully adversarial data leads to very pessimistic bounds that are often vacuous in practice. To capture this motivation, we propose a new model of sequential prediction that sits between the purely stochastic and fully adversarial settings by allowing the learner to abstain, at no cost, from making a prediction on adversarial examples. Assuming access to the marginal distribution on the non-adversarial examples, we design a learner whose error scales with the VC dimension of the hypothesis class (mirroring the stochastic setting), as opposed to the Littlestone dimension, which characterizes the fully adversarial setting. Furthermore, we design a learner for classes of VC dimension 1 that works even without access to the marginal distribution. Our key technical contribution is a novel measure for quantifying uncertainty when learning VC classes, which may be of independent interest.