Back to Explorer
Research PaperResearchia:202602.25045[Data Science > Machine Learning]

Reliable Abstention under Adversarial Injections: Tight Lower Bounds and New Upper Bounds

Ezra Edelman

Abstract

We study online learning in the adversarial injection model introduced by [Goel et al. 2017], where a stream of labeled examples is predominantly drawn i.i.d.\ from an unknown distribution D\mathcal{D}, but may be interspersed with adversarially chosen instances without the learner knowing which rounds are adversarial. Crucially, labels are always consistent with a fixed target concept (the clean-label setting). The learner is additionally allowed to abstain from predicting, and the total error counts the mistakes whenever the learner decides to predict and incorrect abstentions when it abstains on i.i.d.\ rounds. Perhaps surprisingly, prior work shows that oracle access to the underlying distribution yields O(d2logT)O(d^2 \log T) combined error for VC dimension dd, while distribution-agnostic algorithms achieve only O~(T)\tilde{O}(\sqrt{T}) for restricted classes, leaving open whether this gap is fundamental. We resolve this question by proving a matching Ω(T)Ω(\sqrt{T}) lower bound for VC dimension 11, establishing a sharp separation between the two information regimes. On the algorithmic side, we introduce a potential-based framework driven by \emph{robust witnesses}, small subsets of labeled examples that certify predictions while remaining resilient to adversarial contamination. We instantiate this framework using two combinatorial dimensions: (1) \emph{inference dimension}, yielding combined error O~(T11/k)\tilde{O}(T^{1-1/k}) for classes of inference dimension kk, and (2) \emph{certificate dimension}, a new relaxation we introduce. As an application, we show that halfspaces in R2\mathbb{R}^2 have certificate dimension 33, obtaining the first distribution-agnostic bound of O~(T2/3)\tilde{O}(T^{2/3}) for this class. This is notable since [Blum et al. 2021] showed halfspaces are not robustly learnable under clean-label attacks without abstention.

Source: arXiv:2602.20111v1 - http://arxiv.org/abs/2602.20111v1 PDF: https://arxiv.org/pdf/2602.20111v1 Original Link: http://arxiv.org/abs/2602.20111v1

Submission:2/25/2026
Comments:0 comments
Subjects:Machine Learning; Data Science
Cite as:
Researchia:202602.25045https://www.researchia.net/explorer/0f35383b-c1d9-4917-9439-428a15700ab5
Original Source:
View Original PDF
arXiv: This paper is hosted on arXiv, an open-access repository
Was this helpful?

Discussion (0)

Please sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Reliable Abstention under Adversarial Injections: Tight Lower Bounds and New Upper Bounds | Researchia | Researchia