Beyond cross-entropy: learning highly separable feature distributions
for robust and accurate classification
- URL: http://arxiv.org/abs/2010.15487v1
- Date: Thu, 29 Oct 2020 11:15:17 GMT
- Title: Beyond cross-entropy: learning highly separable feature distributions
for robust and accurate classification
- Authors: Arslan Ali, Andrea Migliorati, Tiziano Bianchi, Enrico Magli
- Abstract summary: We propose a novel approach for training deep robust multiclass classifiers that provides adversarial robustness.
We show that the regularization of the latent space based on our approach yields excellent classification accuracy.
- Score: 22.806324361016863
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep learning has shown outstanding performance in several applications
including image classification. However, deep classifiers are known to be
highly vulnerable to adversarial attacks, in that a minor perturbation of the
input can easily lead to an error. Providing robustness to adversarial attacks
is a very challenging task especially in problems involving a large number of
classes, as it typically comes at the expense of an accuracy decrease. In this
work, we propose the Gaussian class-conditional simplex (GCCS) loss: a novel
approach for training deep robust multiclass classifiers that provides
adversarial robustness while at the same time achieving or even surpassing the
classification accuracy of state-of-the-art methods. Differently from other
frameworks, the proposed method learns a mapping of the input classes onto
target distributions in a latent space such that the classes are linearly
separable. Instead of maximizing the likelihood of target labels for individual
samples, our objective function pushes the network to produce feature
distributions yielding high inter-class separation. The mean values of the
distributions are centered on the vertices of a simplex such that each class is
at the same distance from every other class. We show that the regularization of
the latent space based on our approach yields excellent classification accuracy
and inherently provides robustness to multiple adversarial attacks, both
targeted and untargeted, outperforming state-of-the-art approaches over
challenging datasets.
Related papers
- Characterizing the Optimal 0-1 Loss for Multi-class Classification with
a Test-time Attacker [57.49330031751386]
We find achievable information-theoretic lower bounds on loss in the presence of a test-time attacker for multi-class classifiers on any discrete dataset.
We provide a general framework for finding the optimal 0-1 loss that revolves around the construction of a conflict hypergraph from the data and adversarial constraints.
arXiv Detail & Related papers (2023-02-21T15:17:13Z) - Semi-supervised Domain Adaptive Structure Learning [72.01544419893628]
Semi-supervised domain adaptation (SSDA) is a challenging problem requiring methods to overcome both 1) overfitting towards poorly annotated data and 2) distribution shift across domains.
We introduce an adaptive structure learning method to regularize the cooperation of SSL and DA.
arXiv Detail & Related papers (2021-12-12T06:11:16Z) - PARL: Enhancing Diversity of Ensemble Networks to Resist Adversarial
Attacks via Pairwise Adversarially Robust Loss Function [13.417003144007156]
adversarial attacks tend to rely on the principle of transferability.
Ensemble methods against adversarial attacks demonstrate that an adversarial example is less likely to mislead multiple classifiers.
Recent ensemble methods have either been shown to be vulnerable to stronger adversaries or shown to lack an end-to-end evaluation.
arXiv Detail & Related papers (2021-12-09T14:26:13Z) - Towards A Conceptually Simple Defensive Approach for Few-shot
classifiers Against Adversarial Support Samples [107.38834819682315]
We study a conceptually simple approach to defend few-shot classifiers against adversarial attacks.
We propose a simple attack-agnostic detection method, using the concept of self-similarity and filtering.
Our evaluation on the miniImagenet (MI) and CUB datasets exhibit good attack detection performance.
arXiv Detail & Related papers (2021-10-24T05:46:03Z) - Prototypical Classifier for Robust Class-Imbalanced Learning [64.96088324684683]
We propose textitPrototypical, which does not require fitting additional parameters given the embedding network.
Prototypical produces balanced and comparable predictions for all classes even though the training set is class-imbalanced.
We test our method on CIFAR-10LT, CIFAR-100LT and Webvision datasets, observing that Prototypical obtains substaintial improvements compared with state of the arts.
arXiv Detail & Related papers (2021-10-22T01:55:01Z) - Semi-Supervised Few-Shot Classification with Deep Invertible Hybrid
Models [4.189643331553922]
We propose a deep invertible hybrid model which integrates discriminative and generative learning at a latent space level for semi-supervised few-shot classification.
Our main originality lies in our integration of these components at a latent space level, which is effective in preventing overfitting.
arXiv Detail & Related papers (2021-05-22T05:55:16Z) - Scaling Ensemble Distribution Distillation to Many Classes with Proxy
Targets [12.461503242570643]
emphEnsemble Distribution Distillation is an approach that allows a single model to efficiently capture both the predictive performance and uncertainty estimates of an ensemble.
For classification, this is achieved by training a Dirichlet distribution over the ensemble members' output distributions via the maximum likelihood criterion.
Although theoretically, this criterion exhibits poor convergence when applied to large-scale tasks where the number of classes is very high.
arXiv Detail & Related papers (2021-05-14T17:50:14Z) - No Subclass Left Behind: Fine-Grained Robustness in Coarse-Grained
Classification Problems [20.253644336965042]
In real-world classification tasks, each class often comprises multiple finer-grained "subclasses"
As the subclass labels are frequently unavailable, models trained using only the coarser-grained class labels often exhibit highly variable performance across different subclasses.
We propose GEORGE, a method to both measure and mitigate hidden stratification even when subclass labels are unknown.
arXiv Detail & Related papers (2020-11-25T18:50:32Z) - Towards Robust Fine-grained Recognition by Maximal Separation of
Discriminative Features [72.72840552588134]
We identify the proximity of the latent representations of different classes in fine-grained recognition networks as a key factor to the success of adversarial attacks.
We introduce an attention-based regularization mechanism that maximally separates the discriminative latent features of different classes.
arXiv Detail & Related papers (2020-06-10T18:34:45Z) - Certified Robustness to Label-Flipping Attacks via Randomized Smoothing [105.91827623768724]
Machine learning algorithms are susceptible to data poisoning attacks.
We present a unifying view of randomized smoothing over arbitrary functions.
We propose a new strategy for building classifiers that are pointwise-certifiably robust to general data poisoning attacks.
arXiv Detail & Related papers (2020-02-07T21:28:30Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.