Maximum Mean Discrepancy Test is Aware of Adversarial Attacks
- URL: http://arxiv.org/abs/2010.11415v3
- Date: Sun, 11 Jul 2021 17:54:56 GMT
- Title: Maximum Mean Discrepancy Test is Aware of Adversarial Attacks
- Authors: Ruize Gao, Feng Liu, Jingfeng Zhang, Bo Han, Tongliang Liu, Gang Niu,
Masashi Sugiyama
- Abstract summary: The maximum mean discrepancy (MMD) test could in principle detect any distributional discrepancy between two datasets.
It has been shown that the MMD test is unaware of adversarial attacks.
- Score: 122.51040127438324
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The maximum mean discrepancy (MMD) test could in principle detect any
distributional discrepancy between two datasets. However, it has been shown
that the MMD test is unaware of adversarial attacks -- the MMD test failed to
detect the discrepancy between natural and adversarial data. Given this
phenomenon, we raise a question: are natural and adversarial data really from
different distributions? The answer is affirmative -- the previous use of the
MMD test for this purpose missed three key factors, and accordingly, we propose
three components. Firstly, the Gaussian kernel has limited representation
power, and we replace it with an effective deep kernel. Secondly, the test
power of the MMD test was neglected, and we maximize it following asymptotic
statistics. Finally, adversarial data may be non-independent, and we overcome
this issue with the wild bootstrap. By taking care of the three factors, we
verify that the MMD test is aware of adversarial attacks, which lights up a
novel road for adversarial data detection based on two-sample tests.
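To make the setting concrete, here is a minimal sketch of the baseline two-sample test the abstract starts from: an unbiased MMD^2 estimate under a plain Gaussian kernel, calibrated by permutation. All function names and defaults are illustrative, and this deliberately omits the paper's three components (deep kernel, power maximization, wild bootstrap):

```python
import numpy as np

def gaussian_kernel(X, Y, bandwidth=1.0):
    """Gaussian (RBF) kernel matrix between the rows of X and Y."""
    sq = np.sum(X**2, 1)[:, None] + np.sum(Y**2, 1)[None, :] - 2 * X @ Y.T
    return np.exp(-sq / (2 * bandwidth**2))

def mmd2_unbiased(X, Y, bandwidth=1.0):
    """Unbiased U-statistic estimate of squared MMD between samples X and Y."""
    m, n = len(X), len(Y)
    Kxx = gaussian_kernel(X, X, bandwidth)
    Kyy = gaussian_kernel(Y, Y, bandwidth)
    Kxy = gaussian_kernel(X, Y, bandwidth)
    # Drop diagonal terms so the within-sample averages are unbiased.
    term_x = (Kxx.sum() - np.trace(Kxx)) / (m * (m - 1))
    term_y = (Kyy.sum() - np.trace(Kyy)) / (n * (n - 1))
    return term_x + term_y - 2 * Kxy.mean()

def permutation_test(X, Y, n_perm=200, seed=0):
    """p-value for H0: same distribution, via permutation of the pooled sample."""
    rng = np.random.default_rng(seed)
    Z = np.vstack([X, Y])
    observed = mmd2_unbiased(X, Y)
    count = 0
    for _ in range(n_perm):
        perm = rng.permutation(len(Z))
        Xp, Yp = Z[perm[:len(X)]], Z[perm[len(X):]]
        count += mmd2_unbiased(Xp, Yp) >= observed
    # Add-one correction keeps the p-value strictly positive.
    return (count + 1) / (n_perm + 1)
```

With a fixed Gaussian kernel this test readily separates, say, two Gaussians with shifted means, but, as the abstract argues, its kernel and calibration choices are exactly what fail on adversarial data.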
Related papers
- Computational-Statistical Trade-off in Kernel Two-Sample Testing with Random Fourier Features [3.744589644319257]
The Maximum Mean Discrepancy (MMD) test has emerged as an effective tool for handling complex and high-dimensional data.
It has been unclear whether it is possible to attain the same power guarantee as the MMD test at sub-quadratic time cost.
We show that it is possible to attain the same minimax separation rates as the MMD test within sub-quadratic time.
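The random-Fourier-feature idea behind this sub-quadratic cost can be sketched in a few lines (illustrative code, not the paper's implementation): draw a random feature map approximating the Gaussian kernel, average it over each sample, and take the squared distance between the two mean embeddings, which costs time linear in the number of points rather than quadratic:

```python
import numpy as np

def rff_features(X, n_features=100, bandwidth=1.0, seed=0):
    """Random Fourier features whose inner products approximate a Gaussian kernel."""
    rng = np.random.default_rng(seed)
    d = X.shape[1]
    # Frequencies drawn from the kernel's spectral density N(0, bandwidth^-2 I).
    W = rng.normal(0.0, 1.0 / bandwidth, (d, n_features))
    b = rng.uniform(0.0, 2 * np.pi, n_features)
    return np.sqrt(2.0 / n_features) * np.cos(X @ W + b)

def mmd2_rff(X, Y, n_features=100, bandwidth=1.0, seed=0):
    """Linear-time MMD^2 estimate: squared distance between mean feature maps."""
    mu_x = rff_features(X, n_features, bandwidth, seed).mean(axis=0)
    mu_y = rff_features(Y, n_features, bandwidth, seed).mean(axis=0)
    return float(np.sum((mu_x - mu_y) ** 2))
```

The paper's contribution is the statistical side of this trade-off: how many random features are needed so the cheap estimate keeps the full test's power guarantee.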
arXiv Detail & Related papers (2024-07-12T04:08:01Z) - Partial identification of kernel based two sample tests with mismeasured data [5.076419064097733]
Two-sample tests such as the Maximum Mean Discrepancy (MMD) are often used to detect differences between two distributions in machine learning applications.
We study the estimation of the MMD under $\epsilon$-contamination, where a possibly non-random $\epsilon$ proportion of one distribution is erroneously grouped with the other.
We propose a method to estimate these bounds, and show that it gives estimates that converge to the sharpest possible bounds on the MMD as sample size increases.
arXiv Detail & Related papers (2023-08-07T13:21:58Z) - Detecting Adversarial Data by Probing Multiple Perturbations Using Expected Perturbation Score [62.54911162109439]
Adversarial detection aims to determine whether a given sample is an adversarial one based on the discrepancy between natural and adversarial distributions.
We propose a new statistic called expected perturbation score (EPS), which is essentially the expected score of a sample after various perturbations.
We develop EPS-based maximum mean discrepancy (MMD) as a metric to measure the discrepancy between the test sample and natural samples.
arXiv Detail & Related papers (2023-05-25T13:14:58Z) - Sequential Predictive Two-Sample and Independence Testing [114.4130718687858]
We study the problems of sequential nonparametric two-sample and independence testing.
We build upon the principle of (nonparametric) testing by betting.
arXiv Detail & Related papers (2023-04-29T01:30:33Z) - Sequential Kernelized Independence Testing [101.22966794822084]
We design sequential kernelized independence tests inspired by kernelized dependence measures.
We demonstrate the power of our approaches on both simulated and real data.
arXiv Detail & Related papers (2022-12-14T18:08:42Z) - A Statistical Difference Reduction Method for Escaping Backdoor Detection [11.226288436817956]
Recent studies show that Deep Neural Networks (DNNs) are vulnerable to backdoor attacks.
Several detection methods have been developed to distinguish inputs to defend against such attacks.
We propose a Statistical Difference Reduction Method (SDRM) by adding a multi-level MMD constraint to the loss function.
arXiv Detail & Related papers (2021-11-09T12:09:18Z) - MMD Aggregated Two-Sample Test [31.116276769013204]
We propose two novel non-parametric two-sample kernel tests based on the Maximum Mean Discrepancy (MMD).
First, for a fixed kernel, we construct an MMD test using either permutations or a wild bootstrap, two popular numerical procedures to determine the test threshold.
We prove that this test controls the level non-asymptotically, and achieves the minimax rate over Sobolev balls, up to an iterated logarithmic term.
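The wild bootstrap used here (and as the third component of the main paper) can be sketched as follows for equal sample sizes: form the matrix H of pairwise kernel differences, take its mean as the MMD^2 V-statistic, and recompute the statistic under random sign flips to obtain a null threshold. This is an illustrative sketch with i.i.d. Rademacher multipliers; handling non-independent data typically uses correlated multipliers instead:

```python
import numpy as np

def wild_bootstrap_mmd(X, Y, bandwidth=1.0, n_boot=300, alpha=0.05, seed=0):
    """MMD^2 V-statistic and a wild-bootstrap rejection threshold.

    H[i, j] = k(x_i, x_j) + k(y_i, y_j) - k(x_i, y_j) - k(x_j, y_i)
    """
    rng = np.random.default_rng(seed)
    n = len(X)
    assert len(Y) == n, "this sketch assumes equal sample sizes"

    def k(A, B):
        sq = np.sum(A**2, 1)[:, None] + np.sum(B**2, 1)[None, :] - 2 * A @ B.T
        return np.exp(-sq / (2 * bandwidth**2))

    H = k(X, X) + k(Y, Y) - k(X, Y) - k(Y, X)
    stat = H.mean()  # MMD^2 V-statistic
    boots = np.empty(n_boot)
    for b in range(n_boot):
        eps = rng.choice([-1.0, 1.0], n)  # Rademacher sign multipliers
        boots[b] = (eps[:, None] * eps[None, :] * H).mean()
    threshold = np.quantile(boots, 1 - alpha)
    return stat, threshold
```

Rejecting when the statistic exceeds the bootstrap quantile avoids relying on asymptotic null distributions, which is what makes this calibration attractive when independence assumptions are shaky.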
arXiv Detail & Related papers (2021-10-28T12:47:49Z) - Probabilistic Margins for Instance Reweighting in Adversarial Training [151.34753039197832]
We propose three types of probabilistic margin (PM) for measuring closeness and reweighting adversarial data.
Though different PMs capture different geometric properties, all three PMs share a negative correlation with the vulnerability of data.
Experiments demonstrate that PMs are reliable measurements and PM-based reweighting methods outperform state-of-the-art methods.
arXiv Detail & Related papers (2021-06-15T06:37:55Z) - Significance tests of feature relevance for a blackbox learner [6.72450543613463]
We derive two consistent tests for the feature relevance of a blackbox learner.
The first evaluates a loss difference with perturbation on an inference sample.
The second splits the inference sample into two but does not require data perturbation.
arXiv Detail & Related papers (2021-03-02T00:59:19Z) - Noisy Adaptive Group Testing using Bayesian Sequential Experimental Design [63.48989885374238]
When the infection prevalence of a disease is low, Dorfman showed 80 years ago that testing groups of people can prove more efficient than testing people individually.
Our goal in this paper is to propose new group testing algorithms that can operate in a noisy setting.
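Dorfman's efficiency gain is easy to verify numerically. This small illustration (not from the paper) computes the expected number of tests per person under noiseless two-stage pooling: one pooled test per group, and individual retests only if the pool is positive:

```python
def dorfman_expected_tests(prevalence, group_size):
    """Expected tests per person under Dorfman two-stage group testing.

    One pooled test is shared by a group of size g; if the pool is
    positive (at least one member infected), every member is retested.
    """
    g = group_size
    p_group_positive = 1.0 - (1.0 - prevalence) ** g
    # 1/g pooled tests per person, plus one retest per person
    # whenever the group turns out positive.
    return 1.0 / g + p_group_positive

# At 1% prevalence with groups of 10, this gives roughly 0.196 tests
# per person instead of 1, about a five-fold saving.
```

The paper's question is how to retain this kind of saving when individual test results are noisy, where the simple retest rule above no longer suffices.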
arXiv Detail & Related papers (2020-04-26T23:41:33Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of the information presented and is not responsible for any consequences.