\begin{abstract}
%In recent times many state-of-the-art machine learning models have been found to be fragile to adversarial attacks on the test data.
%Most adversarial defenses proposed to alleviate this problem are either heuristic or have proofs for only simple settings.
In this work, we study the possibility of defending against ``data-poisoning'' attacks while learning a neural net. We focus on the supervised learning setup for a class of finite-sized depth-2 nets, which includes the standard single-filter convolutional nets. In this setup we attempt to learn the true label-generating weights in the presence of a malicious oracle that applies stochastic, bounded, additive adversarial distortions to the true labels accessed by the algorithm during training. For the non-gradient stochastic algorithm that we instantiate, we prove (worst-case nearly optimal) trade-offs among the magnitude of the adversarial attack, the accuracy, and the confidence achieved by the proposed algorithm. Additionally, our algorithm uses mini-batching, and we keep track of how the mini-batch size affects the convergence.
\keywords{Adversarial attack \and Neural network \and non-gradient iterative algorithms \and stochastic algorithms \and non-smooth non-convex optimization}

% The Abstract paragraph should be indented 0.25 inch (1.5 picas) on
% both left and right-hand margins. Use 10~point type, with a vertical
% spacing of 11~points. {\bf Abstract} must be centered, bold, and in
% point size 12. Two line spaces precede the Abstract. The Abstract must be limited to one paragraph.

% which is provably robustly learnable under adversarial label corruption in the realizable setting.
% \mynote{ We demonstrate a stochastic algorithm which attempts to recover the true parameters despite the data-poisoning oracle.}
\end{abstract}
