Towards Achieving Adversarial Robustness by Enforcing Feature Consistency Across Bit Planes
- URL: http://arxiv.org/abs/2004.00306v1
- Date: Wed, 1 Apr 2020 09:31:10 GMT
- Title: Towards Achieving Adversarial Robustness by Enforcing Feature Consistency Across Bit Planes
- Authors: Sravanti Addepalli, Vivek B.S., Arya Baburaj, Gaurang Sriramanan, R. Venkatesh Babu
- Abstract summary: We train networks to form coarse impressions based on the information in higher bit planes, and use the lower bit planes only to refine their prediction.
We demonstrate that, by imposing consistency on the representations learned across differently quantized images, the adversarial robustness of networks improves significantly.
- Score: 51.31334977346847
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As humans, we inherently perceive images based on their predominant features,
and ignore noise embedded within lower bit planes. On the contrary, Deep Neural
Networks are known to confidently misclassify images corrupted with
meticulously crafted perturbations that are nearly imperceptible to the human
eye. In this work, we attempt to address this problem by training networks to
form coarse impressions based on the information in higher bit planes, and use
the lower bit planes only to refine their prediction. We demonstrate that, by
imposing consistency on the representations learned across differently
quantized images, the adversarial robustness of networks improves significantly
when compared to a normally trained model. Present state-of-the-art defenses
against adversarial attacks require the networks to be explicitly trained using
adversarial samples that are computationally expensive to generate. While such
methods that use adversarial training continue to achieve the best results,
this work paves the way towards achieving robustness without having to
explicitly train on adversarial samples. The proposed approach is therefore
faster, and also closer to the natural learning process in humans.
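As an added illustration of the bit-plane idea in the abstract (this is not the paper's code): keeping only the k most significant bit planes of an 8-bit pixel gives a coarse input that is unchanged by a small perturbation, unless the pixel lies within eps of a quantization boundary. The `at_risk` check shows that caveat for a constructed image; the names, the 8-bit pixel assumption and the mask interpretation of "higher bit planes" are assumptions made here.

```python
# Constructed 8-bit "image" (a flat list of pixel values) and a constructed
# L-inf bounded perturbation with |delta| <= 4; both are illustrative only.
IMAGE = [20, 31, 100, 200, 128, 127, 3, 252]
DELTAS = [4, 4, -4, 4, -4, 4, -3, 4]


def keep_high_planes(pixels, k):
    """Zero the lowest (8 - k) bit planes, keeping the k most significant ones."""
    mask = (0xFF << (8 - k)) & 0xFF
    return [p & mask for p in pixels]


def linf_perturb(pixels, deltas):
    """Apply an additive perturbation and clip back to the valid 8-bit range."""
    return [min(255, max(0, p + d)) for p, d in zip(pixels, deltas)]


def planes_changed(orig, adv, k):
    """Count pixels whose k-plane coarse value differs between orig and adv."""
    coarse_orig = keep_high_planes(orig, k)
    coarse_adv = keep_high_planes(adv, k)
    return sum(1 for a, b in zip(coarse_orig, coarse_adv) if a != b)


def at_risk(pixels, k, eps):
    """Pixels whose k-plane coarse value CAN be changed by some perturbation
    of L-inf norm <= eps: those within eps of a quantization bucket edge.
    Edges at 0 and 255 are not crossable because of clipping."""
    step = 1 << (8 - k)            # width of one quantization bucket
    risky = []
    for p in pixels:
        low = p - (p % step)       # lower edge of p's bucket
        high = low + step - 1      # upper edge of p's bucket
        crosses_down = p - eps < low and low > 0
        crosses_up = p + eps > high and high < 255
        if crosses_down or crosses_up:
            risky.append(p)
    return risky


if __name__ == "__main__":
    k, eps = 4, 4
    adv = linf_perturb(IMAGE, DELTAS)
    print("coarse clean:", keep_high_planes(IMAGE, k))
    print("coarse adv:  ", keep_high_planes(adv, k))
    print("changed:", planes_changed(IMAGE, adv, k), "of", len(IMAGE))
    print("at risk for eps", eps, ":", at_risk(IMAGE, k, eps))
```

For the constructed image only the pixels near bucket edges (31, 128, 127) change their coarse value, which is exactly the set `at_risk` predicts; with eps approaching the bucket width almost every pixel becomes at risk, so the plane count and the threat model's eps have to be chosen together.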
Related papers
- Adversarial Robustification via Text-to-Image Diffusion Models [56.37291240867549]
Adversarial robustness has been conventionally believed to be a challenging property to encode for neural networks.
We develop a scalable and model-agnostic solution to achieve adversarial robustness without using any data.
arXiv Detail & Related papers (2024-07-26T10:49:14Z)
- Addressing Mistake Severity in Neural Networks with Semantic Knowledge [0.0]
Most robust training techniques aim to improve model accuracy on perturbed inputs.
As an alternate form of robustness, we aim to reduce the severity of mistakes made by neural networks in challenging conditions.
We leverage current adversarial training methods to generate targeted adversarial attacks during the training process.
Results demonstrate that our approach performs better with respect to mistake severity compared to standard and adversarially trained models.
arXiv Detail & Related papers (2022-11-21T22:01:36Z)
- Adversarially robust segmentation models learn perceptually-aligned gradients [0.0]
We show that adversarially-trained semantic segmentation networks can be used to perform image inpainting and generation.
We argue that perceptually-aligned gradients promote a better understanding of a neural network's learned representations and aid in making neural networks more interpretable.
arXiv Detail & Related papers (2022-04-03T16:04:52Z)
- Leveraging Self-Supervision for Cross-Domain Crowd Counting [71.75102529797549]
State-of-the-art methods for counting people in crowded scenes rely on deep networks to estimate crowd density.
We train our network to recognize upside-down real images from regular ones and incorporate into it the ability to predict its own uncertainty.
This yields an algorithm that consistently outperforms state-of-the-art cross-domain crowd counting ones without any extra computation at inference time.
arXiv Detail & Related papers (2021-03-30T12:37:55Z)
- Combating Adversaries with Anti-Adversaries [118.70141983415445]
In particular, our layer generates an input perturbation in the opposite direction of the adversarial one.
We verify the effectiveness of our approach by combining our layer with both nominally and robustly trained models.
Our anti-adversary layer significantly enhances model robustness while coming at no cost on clean accuracy.
arXiv Detail & Related papers (2021-03-26T09:36:59Z)
- Stylized Adversarial Defense [105.88250594033053]
Adversarial training creates perturbation patterns and includes them in the training set to robustify the model.
We propose to exploit additional information from the feature space to craft stronger adversaries.
Our adversarial training approach demonstrates strong robustness compared to state-of-the-art defenses.
arXiv Detail & Related papers (2020-07-29T08:38:10Z)
- Adversarially-Trained Deep Nets Transfer Better: Illustration on Image Classification [53.735029033681435]
Transfer learning is a powerful methodology for adapting pre-trained deep neural networks on image recognition tasks to new domains.
In this work, we demonstrate that adversarially-trained models transfer better than non-adversarially-trained models.
arXiv Detail & Related papers (2020-07-11T22:48:42Z)
- Robust Face Verification via Disentangled Representations [20.393894616979402]
We introduce a robust algorithm for face verification, deciding whether two images are of the same person or not.
We use the generative model during training as an online augmentation method instead of a test-time purifier that removes adversarial noise.
We experimentally show that, when coupled with adversarial training, the proposed scheme converges with a weak inner solver and has a higher clean and robust accuracy than state-of-the-art methods when evaluated against white-box physical attacks.
arXiv Detail & Related papers (2020-06-05T19:17:02Z)
- Class-Aware Domain Adaptation for Improving Adversarial Robustness [27.24720754239852]
Adversarial training has been proposed to train networks by injecting adversarial examples into the training data.
We propose a novel Class-Aware Domain Adaptation (CADA) method for adversarial defense without directly applying adversarial training.
arXiv Detail & Related papers (2020-05-10T03:45:19Z)
This list is automatically generated from the titles and abstracts of the papers in this site.