Adversarial ML
Hello,
In the adversarial ML lecture, I don't understand the paragraph below well. Why is it that when it is positive, an increase makes the prediction more correct, and when it's negative, an increase makes the prediction less correct?
Thank you for your help!!
Hi,
For simplicity, assume that \(h(x)\) (which is the label of \(x\)) is equal to \(+1\). Then we have to consider just \(\nabla_x g(x)\), where \(g(x)\) corresponds to the predicted probability that \(x\) belongs to class \(+1\).
The gradient \(\nabla_x g(x)\) of any function \(g(x)\) points towards the direction of the steepest ascent within an infinitesimal neighbourhood of \(x\). If \(g(x)\) is the predicted probability, then moving along the direction of the negative gradient will decrease \(g(x)\) (for a sufficiently small step size), i.e., it will make the prediction less correct (which is the goal of the adversary) if the true label is \(+1\). The remark from the lecture notes basically suggests just that, with the difference being that it tells us that we can consider each coordinate separately and move according to the sign of the gradient (i.e., depending on whether the partial derivative for some coordinate is positive or negative) if we want to minimize the predicted probability \(g(x)\).
Moreover, one can reason similarly for the case of \(h(x) = -1\) but one would need to follow the direction of the gradient (instead of the negative gradient) to make the prediction less correct.
I hope that helps.
Best,
Maksym
3
Thank you so much for your explanations!! :)
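The per-coordinate sign argument from the answer above, worked through on a small logistic model as an added example (not part of the original thread or the lecture notes). The weights, bias, input point and all function names are constructed for illustration.

```python
import math

# Constructed toy logistic model and input point (assumptions, not from the lecture).
W, B = [2.0, -1.0, 0.5], 0.1
X = [0.5, -0.3, 0.2]

def g(x):
    """Predicted probability that x belongs to class +1."""
    z = sum(wi * xi for wi, xi in zip(W, x)) + B
    return 1.0 / (1.0 + math.exp(-z))

def grad_g(x):
    """Gradient of g w.r.t. the input; for a logistic model it is g(1-g) * W."""
    p = g(x)
    return [p * (1.0 - p) * wi for wi in W]

def sign(v):
    return (v > 0) - (v < 0)

def bump(x, i, eps):
    """Return g after increasing only coordinate i by eps."""
    moved = list(x)
    moved[i] += eps
    return g(moved)

def sign_step(x, label, eps):
    """Shift every coordinate by eps so the prediction for `label` gets less correct:
    label +1 -> against the gradient sign (g goes down),
    label -1 -> along the gradient sign (g goes up)."""
    return [xi - label * eps * sign(gi) for xi, gi in zip(x, grad_g(x))]

def confidence(x, label):
    """Probability the model assigns to the true label."""
    return g(x) if label == 1 else 1.0 - g(x)

if __name__ == "__main__":
    print("gradient:", [round(v, 3) for v in grad_g(X)])
    print("g(x):", round(g(X), 4))
    print("increase x[0] (positive partial):", round(bump(X, 0, 0.1), 4))
    print("increase x[1] (negative partial):", round(bump(X, 1, 0.1), 4))
    for label in (1, -1):
        adv = sign_step(X, label, 0.1)
        print(label, round(confidence(X, label), 4), "->", round(confidence(adv, label), 4))
```

With true label \(+1\), increasing the coordinate with a positive partial derivative raises \(g(x)\) and increasing the one with a negative partial derivative lowers it; the sign step lowers the probability of the true label for both \(h(x) = +1\) and \(h(x) = -1\).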