Analysis of Random Perturbations for Robust Convolutional Neural Networks
- URL: http://arxiv.org/abs/2002.03080v4
- Date: Sun, 7 Jun 2020 19:25:31 GMT
- Title: Analysis of Random Perturbations for Robust Convolutional Neural Networks
- Authors: Adam Dziedzic, Sanjay Krishnan
- Abstract summary: Recent work has extensively shown that randomized perturbations of neural networks can improve robustness to adversarial attacks. We show that perturbation based defenses offer almost no robustness to adaptive attacks unless these perturbations are observed during training. Adversarial examples in a close neighborhood of original inputs show an elevated sensitivity to perturbations in first and second-order analyses.
- Score: 11.325672232682903
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Recent work has extensively shown that randomized perturbations of neural networks can improve robustness to adversarial attacks. The literature is, however, lacking a detailed compare-and-contrast of the latest proposals to understand what classes of perturbations work, when they work, and why they work. We contribute a detailed evaluation that elucidates these questions and benchmarks perturbation based defenses consistently. In particular, we show five main results: (1) all input perturbation defenses, whether random or deterministic, are equivalent in their efficacy, (2) attacks transfer between perturbation defenses so the attackers need not know the specific type of defense -- only that it involves perturbations, (3) a tuned sequence of noise layers across a network provides the best empirical robustness, (4) perturbation based defenses offer almost no robustness to adaptive attacks unless these perturbations are observed during training, and (5) adversarial examples in a close neighborhood of original inputs show an elevated sensitivity to perturbations in first and second-order analyses.
Related papers
- Detecting Adversarial Attacks in Semantic Segmentation via Uncertainty Estimation: A Deep Analysis [12.133306321357999] (arXiv, 2024-08-19)
  We propose an uncertainty-based method for detecting adversarial attacks on neural networks for semantic segmentation.
  We conduct a detailed analysis of uncertainty-based detection of adversarial attacks and various state-of-the-art neural networks.
  Our numerical experiments show the effectiveness of the proposed uncertainty-based detection method.
- Meta Invariance Defense Towards Generalizable Robustness to Unknown Adversarial Attacks [62.036798488144306] (arXiv, 2024-04-04)
  Current defense mainly focuses on the known attacks, but the adversarial robustness to the unknown attacks is seriously overlooked.
  We propose an attack-agnostic defense method named Meta Invariance Defense (MID).
  We show that MID simultaneously achieves robustness to the imperceptible adversarial perturbations in high-level image classification and attack-suppression in low-level robust image regeneration.
- Multi-granular Adversarial Attacks against Black-box Neural Ranking Models [111.58315434849047] (arXiv, 2024-04-02)
  We create high-quality adversarial examples by incorporating multi-granular perturbations.
  We transform the multi-granular attack into a sequential decision-making process.
  Our attack method surpasses prevailing baselines in both attack effectiveness and imperceptibility.
- Investigating Human-Identifiable Features Hidden in Adversarial Perturbations [54.39726653562144] (arXiv, 2023-09-28)
  Our study explores up to five attack algorithms across three datasets.
  We identify human-identifiable features in adversarial perturbations.
  Using pixel-level annotations, we extract such features and demonstrate their ability to compromise target models.
- Improving Adversarial Robustness to Sensitivity and Invariance Attacks with Deep Metric Learning [80.21709045433096] (arXiv, 2022-11-04)
  A standard method in adversarial robustness assumes a framework to defend against samples crafted by minimally perturbing a sample.
  We use metric learning to frame adversarial regularization as an optimal transport problem.
  Our preliminary results indicate that regularizing over invariant perturbations in our framework improves both invariant and sensitivity defense.
- How many perturbations break this model? Evaluating robustness beyond adversarial accuracy [28.934863462633636] (arXiv, 2022-07-08)
  We introduce adversarial sparsity, which quantifies how difficult it is to find a successful perturbation given both an input point and a constraint on the direction of the perturbation.
  We show that sparsity provides valuable insight into neural networks in multiple ways.
- Towards Defending against Adversarial Examples via Attack-Invariant Features [147.85346057241605] (arXiv, 2021-06-09)
  Deep neural networks (DNNs) are vulnerable to adversarial noise.
  Adversarial robustness can be improved by exploiting adversarial examples.
  Models trained on seen types of adversarial examples generally cannot generalize well to unseen types of adversarial examples.
- Exploring Misclassifications of Robust Neural Networks to Enhance Adversarial Attacks [3.3248768737711045] (arXiv, 2021-05-21)
  We analyze the classification decisions of 19 different state-of-the-art neural networks trained to be robust against adversarial attacks.
  We propose a novel loss function for adversarial attacks that consistently improves attack success rate.
- Resilience of Bayesian Layer-Wise Explanations under Adversarial Attacks [3.222802562733787] (arXiv, 2021-02-22)
  We show that for deterministic Neural Networks, saliency interpretations are remarkably brittle even when the attacks fail.
  We suggest and demonstrate empirically that saliency explanations provided by Bayesian Neural Networks are considerably more stable under adversarial perturbations.
- Towards Understanding the Dynamics of the First-Order Adversaries [40.54670072901657] (arXiv, 2020-10-20)
  An acknowledged weakness of neural networks is their vulnerability to adversarial perturbations to the inputs.
  One of the most popular defense mechanisms is to maximize the loss over the constrained perturbations on the inputs using projected ascent and minimize over weights.
  We investigate the non-concave landscape of the adversaries for a two-layer neural network with a quadratic loss.
- Proper Network Interpretability Helps Adversarial Robustness in Classification [91.39031895064223] (arXiv, 2020-06-26)
  We show that with a proper measurement of interpretation, it is difficult to prevent prediction-evasion adversarial attacks from causing interpretation discrepancy.
  We develop an interpretability-aware defensive scheme built only on promoting robust interpretation.
  We show that our defense achieves both robust classification and robust interpretation, outperforming state-of-the-art adversarial training methods against attacks of large perturbation.