Geometry-Inspired Top-k Adversarial Perturbations
- URL: http://arxiv.org/abs/2006.15669v6
- Date: Tue, 23 Nov 2021 14:58:22 GMT
- Title: Geometry-Inspired Top-k Adversarial Perturbations
- Authors: Nurislam Tursynbek, Aleksandr Petiushko, and Ivan Oseledets
- Abstract summary: Top-k adversarial examples as a simple multi-objective optimization.
Top-k Universal Adversarial Perturbations, image-agnostic tiny perturbations that cause the true class to be absent among the Top-k prediction for the majority of natural images.
- Score: 68.32598950136504
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The brittleness of deep image classifiers to small adversarial input
perturbations has been extensively studied in the last several years. However,
the main objective of existing perturbations is primarily limited to change the
correctly predicted Top-1 class by an incorrect one, which does not intend to
change the Top-k prediction. In many digital real-world scenarios Top-k
prediction is more relevant. In this work, we propose a fast and accurate
method of computing Top-k adversarial examples as a simple multi-objective
optimization. We demonstrate its efficacy and performance by comparing it to
other adversarial example crafting techniques. Moreover, based on this method,
we propose Top-k Universal Adversarial Perturbations, image-agnostic tiny
perturbations that cause the true class to be absent among the Top-k prediction
for the majority of natural images. We experimentally show that our approach
outperforms baseline methods and even improves existing techniques of finding
Universal Adversarial Perturbations.
Related papers
- Focus on the Likely: Test-time Instance-based Uncertainty Removal [1.8592384822257952]
We propose two novel test-time fine-tuning methods to improve uncertain model predictions.<n>Instead of greedily selecting the most likely class, we introduce an additional step, emphfocus on the likely classes, to refine predictions.
arXiv Detail & Related papers (2025-05-02T21:06:53Z) - A Meaningful Perturbation Metric for Evaluating Explainability Methods [55.09730499143998]
We introduce a novel approach, which harnesses image generation models to perform targeted perturbation.
Specifically, we focus on inpainting only the high-relevance pixels of an input image to modify the model's predictions while preserving image fidelity.
This is in contrast to existing approaches, which often produce out-of-distribution modifications, leading to unreliable results.
arXiv Detail & Related papers (2025-04-09T11:46:41Z) - Incremental Prototype Prompt-tuning with Pre-trained Representation for
Class Incremental Learning [4.717066668969749]
Class incremental learning has attracted much attention, but most existing works still continually fine-tune the representation model.
We take the pre-train-and-prompt-tuning paradigm to sequentially learn new visual concepts based on a fixed semantic rich pre-trained representation model.
Our method consistently outperforms other state-of-the-art methods with a large margin.
arXiv Detail & Related papers (2022-04-07T12:49:14Z) - Revisiting Consistency Regularization for Semi-Supervised Learning [80.28461584135967]
We propose an improved consistency regularization framework by a simple yet effective technique, FeatDistLoss.
Experimental results show that our model defines a new state of the art for various datasets and settings.
arXiv Detail & Related papers (2021-12-10T20:46:13Z) - Adaptive Perturbation for Adversarial Attack [50.77612889697216]
We propose a new gradient-based attack method for adversarial examples.
We use the exact gradient direction with a scaling factor for generating adversarial perturbations.
Our method exhibits higher transferability and outperforms the state-of-the-art methods.
arXiv Detail & Related papers (2021-11-27T07:57:41Z) - Meta Adversarial Perturbations [66.43754467275967]
We show the existence of a meta adversarial perturbation (MAP)
MAP causes natural images to be misclassified with high probability after being updated through only a one-step gradient ascent update.
We show that these perturbations are not only image-agnostic, but also model-agnostic, as a single perturbation generalizes well across unseen data points and different neural network architectures.
arXiv Detail & Related papers (2021-11-19T16:01:45Z) - A Low Rank Promoting Prior for Unsupervised Contrastive Learning [108.91406719395417]
We construct a novel probabilistic graphical model that effectively incorporates the low rank promoting prior into the framework of contrastive learning.
Our hypothesis explicitly requires that all the samples belonging to the same instance class lie on the same subspace with small dimension.
Empirical evidences show that the proposed algorithm clearly surpasses the state-of-the-art approaches on multiple benchmarks.
arXiv Detail & Related papers (2021-08-05T15:58:25Z) - Learning the Truth From Only One Side of the Story [58.65439277460011]
We focus on generalized linear models and show that without adjusting for this sampling bias, the model may converge suboptimally or even fail to converge to the optimal solution.
We propose an adaptive approach that comes with theoretical guarantees and show that it outperforms several existing methods empirically.
arXiv Detail & Related papers (2020-06-08T18:20:28Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.