On the Similarity of Deep Learning Representations Across Didactic and Adversarial Examples

• URL: http://arxiv.org/abs/2002.06816v2
• Date: Tue, 17 Sep 2024 02:01:42 GMT
• Title: On the Similarity of Deep Learning Representations Across Didactic and Adversarial Examples
• Authors: Pk Douglas, Farzad Vasheghani Farahani,
• Abstract summary: Adrial examples in the wild may inadvertently prove deleterious for accurate predictive modeling. We show that representational similarity and performance vary according to the frequency of adversarial examples in the input space.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The increasing use of deep neural networks (DNNs) has motivated a parallel endeavor: the design of adversaries that profit from successful misclassifications. However, not all adversarial examples are crafted for malicious purposes. For example, real world systems often contain physical, temporal, and sampling variability across instrumentation. Adversarial examples in the wild may inadvertently prove deleterious for accurate predictive modeling. Conversely, naturally occurring covariance of image features may serve didactic purposes. Here, we studied the stability of deep learning representations for neuroimaging classification across didactic and adversarial conditions characteristic of MRI acquisition variability. We show that representational similarity and performance vary according to the frequency of adversarial examples in the input space.

Related papers

• Imperceptible Adversarial Examples in the Physical World [10.981325924844167]
  We make adversarial examples imperceptible in the physical world using a straight-through estimator (STE, a.k.a. BPDA) Our differentiable rendering extension to STE also enables imperceptible adversarial patches in the physical world. To the best of our knowledge, this is the first work demonstrating imperceptible adversarial examples bounded by small norms in the physical world.
  arXiv  Detail & Related papers  (2024-11-25T18:02:23Z)
• Robustness of Deep Neural Networks for Micro-Doppler Radar Classification [1.3654846342364308]
  Two deep convolutional architectures, trained and tested on the same data, are evaluated. Models are susceptible to adversarial examples. cadence-velocity diagram representation rather than Doppler-time are demonstrated to be naturally more immune to adversarial examples.
  arXiv  Detail & Related papers  (2024-02-21T09:37:17Z)
• Transcending Adversarial Perturbations: Manifold-Aided Adversarial Examples with Legitimate Semantics [10.058463432437659]
  Deep neural networks were significantly vulnerable to adversarial examples manipulated by malicious tiny perturbations. In this paper, we propose a supervised semantic-transformation generative model to generate adversarial examples with real and legitimate semantics. Experiments on MNIST and industrial defect datasets showed that our adversarial examples not only exhibited better visual quality but also achieved superior attack transferability.
  arXiv  Detail & Related papers  (2024-02-05T15:25:40Z)
• A Survey on Transferability of Adversarial Examples across Deep Neural Networks [53.04734042366312]
  adversarial examples can manipulate machine learning models into making erroneous predictions. The transferability of adversarial examples enables black-box attacks which circumvent the need for detailed knowledge of the target model. This survey explores the landscape of the adversarial transferability of adversarial examples.
  arXiv  Detail & Related papers  (2023-10-26T17:45:26Z)
• On the Effect of Adversarial Training Against Invariance-based Adversarial Examples [0.23624125155742057]
  This work addresses the impact of adversarial training with invariance-based adversarial examples on a convolutional neural network (CNN) We show that when adversarial training with invariance-based and perturbation-based adversarial examples is applied, it should be conducted simultaneously and not consecutively.
  arXiv  Detail & Related papers  (2023-02-16T12:35:37Z)
• The Enemy of My Enemy is My Friend: Exploring Inverse Adversaries for Improving Adversarial Training [72.39526433794707]
  Adversarial training and its variants have been shown to be the most effective approaches to defend against adversarial examples. We propose a novel adversarial training scheme that encourages the model to produce similar outputs for an adversarial example and its inverse adversarial'' counterpart. Our training method achieves state-of-the-art robustness as well as natural accuracy.
  arXiv  Detail & Related papers  (2022-11-01T15:24:26Z)
• Equivariance Allows Handling Multiple Nuisance Variables When Analyzing Pooled Neuroimaging Datasets [53.34152466646884]
  In this paper, we show how bringing recent results on equivariant representation learning instantiated on structured spaces together with simple use of classical results on causal inference provides an effective practical solution. We demonstrate how our model allows dealing with more than one nuisance variable under some assumptions and can enable analysis of pooled scientific datasets in scenarios that would otherwise entail removing a large portion of the samples.
  arXiv  Detail & Related papers  (2022-03-29T04:54:06Z)
• A Frequency Perspective of Adversarial Robustness [72.48178241090149]
  We present a frequency-based understanding of adversarial examples, supported by theoretical and empirical findings. Our analysis shows that adversarial examples are neither in high-frequency nor in low-frequency components, but are simply dataset dependent. We propose a frequency-based explanation for the commonly observed accuracy vs. robustness trade-off.
  arXiv  Detail & Related papers  (2021-10-26T19:12:34Z)
• Harnessing Perceptual Adversarial Patches for Crowd Counting [92.79051296850405]
  Crowd counting is vulnerable to adversarial examples in the physical world. This paper proposes the Perceptual Adrial Patch (PAP) generation framework to learn the shared perceptual features between models.
  arXiv  Detail & Related papers  (2021-09-16T13:51:39Z)
• On the Transferability of Adversarial Attacksagainst Neural Text Classifier [121.6758865857686]
  We investigate the transferability of adversarial examples for text classification models. We propose a genetic algorithm to find an ensemble of models that can induce adversarial examples to fool almost all existing models. We derive word replacement rules that can be used for model diagnostics from these adversarial examples.
  arXiv  Detail & Related papers  (2020-11-17T10:45:05Z)
• AdvJND: Generating Adversarial Examples with Just Noticeable Difference [3.638233924421642]
  Adding small perturbations on examples causes a good-performance model to misclassify the crafted examples. Adversarial examples generated by our AdvJND algorithm yield distributions similar to those of the original inputs.
  arXiv  Detail & Related papers  (2020-02-01T09:55:27Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.