TRS: Transferability Reduced Ensemble via Encouraging Gradient Diversity and Model Smoothness
- URL: http://arxiv.org/abs/2104.00671v1
- Date: Thu, 1 Apr 2021 17:58:35 GMT
- Title: TRS: Transferability Reduced Ensemble via Encouraging Gradient Diversity and Model Smoothness
- Authors: Zhuolin Yang, Linyi Li, Xiaojun Xu, Shiliang Zuo, Qian Chen, Benjamin Rubinstein, Ce Zhang, Bo Li
- Abstract summary: Adversarial transferability is an intriguing property of adversarial examples.
This paper theoretically analyzes sufficient conditions for transferability between models.
We propose a practical algorithm that reduces transferability within an ensemble to improve its robustness.
- Score: 14.342349428248887
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Adversarial transferability is an intriguing property of adversarial examples:
a perturbation crafted against one model is also effective against another model,
which may come from a different model family or training process. To better protect
ML systems against adversarial attacks, several questions arise: what are the
sufficient conditions for adversarial transferability? Is it possible to bound such
transferability? Is there a way to reduce transferability in order to improve the
robustness of an ensemble ML model? To answer these questions, we first theoretically
analyze sufficient conditions for transferability between models and then propose a
practical algorithm that reduces transferability within an ensemble to improve its
robustness. Our theoretical analysis shows that orthogonality between the gradients
of different models alone is not enough to ensure low adversarial transferability:
model smoothness is also an important factor. In particular, we provide lower and
upper bounds on adversarial transferability for low-risk classifiers in terms of
gradient similarity and model smoothness. We show that, under the condition of
gradient orthogonality, smoother classifiers guarantee lower adversarial
transferability. Furthermore, we propose an effective Transferability Reduced
Smooth-ensemble (TRS) training strategy that trains a robust ensemble with low
transferability by enforcing model smoothness and gradient orthogonality between
base models. We conduct extensive experiments on TRS, comparing it with other
state-of-the-art baselines on different datasets, and show that TRS outperforms
all baselines significantly. We believe our analysis of adversarial transferability
will inspire future research on robust ML models that take these transferability
properties into account.
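The two quantities the abstract's bound depends on, gradient similarity between base models and model smoothness, can both be measured on a toy ensemble, and the caveat that orthogonal gradients alone do not prevent transfer can be reproduced directly. The following is an added Python/NumPy example, not code from the paper or its authors: it constructs a synthetic binary task, a source model A and three candidate ensemble members (B with an aligned gradient; C with an orthogonal gradient and a smooth, linear decision function; D with an orthogonal gradient but a non-smooth, piecewise decision function), crafts L-inf FGSM examples on A, and reports their transfer rates next to the gradient cosine similarity and an empirical estimate of the gradient's Lipschitz constant, which plays the role of the paper's smoothness parameter. The models, the data, the `t=0.7` jump threshold and the Lipschitz estimator are all assumptions for illustration; the paper's actual TRS training objective is not reproduced here.

```python
import numpy as np


class LinearModel:
    """Logit f(x) = w.x, prediction sign(f). The input gradient is the constant w,
    so the model is perfectly smooth (gradient Lipschitz constant 0)."""

    def __init__(self, w):
        self.w = np.asarray(w, dtype=float)

    def logit(self, X):
        return X @ self.w

    def grad(self, X):
        return np.broadcast_to(self.w, X.shape).copy()


class PiecewiseModel:
    """Constructed non-smooth classifier: f(x) = x2 if |x1| > t else -x2.
    Its gradient is (0, +-1, 0, ...) almost everywhere, i.e. orthogonal to e1,
    yet the prediction still depends on x1 through a jump in f."""

    def __init__(self, t=0.7):  # t is an assumed threshold, chosen for the demo
        self.t = t

    def _outside(self, X):
        return np.abs(X[:, 0]) > self.t

    def logit(self, X):
        return np.where(self._outside(X), X[:, 1], -X[:, 1])

    def grad(self, X):
        g = np.zeros_like(X)
        g[:, 1] = np.where(self._outside(X), 1.0, -1.0)
        return g


def predict(model, X):
    return np.where(model.logit(X) >= 0, 1, -1)


def fgsm(model, X, y, eps):
    """L-inf FGSM: one step against the gradient of the margin y * f(x)."""
    g = model.grad(X) * y[:, None]
    return X - eps * np.sign(g)


def transfer_rate(src, tgt, X, y, eps):
    """Fraction of examples crafted on src that tgt misclassifies
    (src is tgt gives the white-box success rate; eps=0 gives clean error)."""
    return float(np.mean(predict(tgt, fgsm(src, X, y, eps)) != y))


def mean_grad_cosine(m1, m2, X):
    """Average cosine similarity of the two models' input gradients over X."""
    g1, g2 = m1.grad(X), m2.grad(X)
    num = np.sum(g1 * g2, axis=1)
    den = np.linalg.norm(g1, axis=1) * np.linalg.norm(g2, axis=1) + 1e-12
    return float(np.mean(num / den))


def grad_lipschitz_estimate(model, X, radius=0.5, seed=1):
    """Empirical lower bound on the Lipschitz constant of the gradient (the
    smoothness parameter): max ||grad(x') - grad(x)|| / ||x' - x|| over random
    nearby pairs (assumed estimator). Exactly 0 for a linear model."""
    rng = np.random.default_rng(seed)
    delta = rng.uniform(-radius, radius, size=X.shape)
    dg = np.linalg.norm(model.grad(X + delta) - model.grad(X), axis=1)
    dx = np.linalg.norm(delta, axis=1)
    return float(np.max(dg / dx))


def make_data(n=200, d=4, noise=0.05, seed=0):
    """Constructed data: label y in {-1, +1}; x1 and x2 both carry the label."""
    rng = np.random.default_rng(seed)
    y = rng.choice([-1, 1], size=n)
    X = np.zeros((n, d))
    X[:, 0] = y
    X[:, 1] = y
    X += noise * rng.standard_normal((n, d))
    return X, y


def build_demo():
    """Source model A and three candidate ensemble members (all assumed)."""
    models = {
        "A (source)": LinearModel([1.0, 0.0, 0.0, 0.0]),
        "B aligned gradient": LinearModel([1.0, 0.2, 0.0, 0.0]),
        "C orthogonal, smooth": LinearModel([0.0, 1.0, 0.0, 0.0]),
        "D orthogonal, non-smooth": PiecewiseModel(t=0.7),
    }
    X, y = make_data()
    return X, y, models


def audit(X, y, models, eps=1.5):
    """Per target: (gradient cosine to A, smoothness estimate, transfer rate of
    A-crafted FGSM examples)."""
    src = models["A (source)"]
    return {name: (mean_grad_cosine(src, m, X), grad_lipschitz_estimate(m, X),
                   transfer_rate(src, m, X, y, eps))
            for name, m in models.items()}


if __name__ == "__main__":
    X, y, models = build_demo()
    for name, (cos, beta, rate) in audit(X, y, models).items():
        print(f"{name:26s} cos={cos:+.3f}  beta_est={beta:6.2f}  transfer={rate:.2f}")
```

Running it shows C (orthogonal gradient, smooth) completely unaffected by A's perturbation, while D (orthogonal gradient, non-smooth) is fooled as reliably as A itself even though its gradient cosine to A is exactly zero: that is the abstract's point that gradient orthogonality only becomes a guarantee together with smoothness, which the Lipschitz estimate flags for D and not for C. TRS turns these two diagnostics into training penalties on the base models; when auditing a real ensemble, replace `grad` with autograd input gradients of the loss and use a trained surrogate rather than a fixed weight vector.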
Related papers
- LOTOS: Layer-wise Orthogonalization for Training Robust Ensembles [13.776549741449557]
We study the effect of Lipschitz continuity on transferability rates.
We introduce LOTOS, a new training paradigm for ensembles, which counteracts this adverse effect.
arXiv Detail & Related papers (2024-10-07T15:43:28Z)
- The Risk of Federated Learning to Skew Fine-Tuning Features and Underperform Out-of-Distribution Robustness [50.52507648690234]
Federated learning has the risk of skewing fine-tuning features and compromising the robustness of the model.
We introduce three robustness indicators and conduct experiments across diverse robust datasets.
Our approach markedly enhances the robustness across diverse scenarios, encompassing various parameter-efficient fine-tuning methods.
arXiv Detail & Related papers (2024-01-25T09:18:51Z)
- LRS: Enhancing Adversarial Transferability through Lipschitz Regularized Surrogate [8.248964912483912]
The transferability of adversarial examples is of central importance to transfer-based black-box adversarial attacks.
We propose Lipschitz Regularized Surrogate (LRS) for transfer-based black-box attacks.
We evaluate our proposed LRS approach by attacking state-of-the-art standard deep neural networks and defense models.
arXiv Detail & Related papers (2023-12-20T15:37:50Z)
- Robust Transfer Learning with Unreliable Source Data [13.276850367115333]
We introduce a novel quantity called the "ambiguity level" that measures the discrepancy between the target and source regression functions.
We propose a simple transfer learning procedure, and establish a general theorem that shows how this new quantity is related to the transferability of learning.
arXiv Detail & Related papers (2023-10-06T21:50:21Z)
- Set-level Guidance Attack: Boosting Adversarial Transferability of Vision-Language Pre-training Models [52.530286579915284]
We present the first study to investigate the adversarial transferability of vision-language pre-training models.
The transferability degradation is partly caused by the under-utilization of cross-modal interactions.
We propose a highly transferable Set-level Guidance Attack (SGA) that thoroughly leverages modality interactions and incorporates alignment-preserving augmentation with cross-modal guidance.
arXiv Detail & Related papers (2023-07-26T09:19:21Z)
- Why Does Little Robustness Help? Understanding and Improving Adversarial Transferability from Surrogate Training [24.376314203167016]
Adversarial examples (AEs) for DNNs have been shown to be transferable.
In this paper, we take a further step towards understanding adversarial transferability.
arXiv Detail & Related papers (2023-07-15T19:20:49Z)
- CARTL: Cooperative Adversarially-Robust Transfer Learning [22.943270371841226]
In deep learning, a typical strategy for transfer learning is to freeze the early layers of a pre-trained model and fine-tune the rest of its layers on the target domain.
We propose a novel cooperative adversarially-robust transfer learning (CARTL) by pre-training the model via feature distance minimization and fine-tuning the pre-trained model with non-expansive fine-tuning for target domain tasks.
arXiv Detail & Related papers (2021-06-12T02:29:55Z)
- High-Robustness, Low-Transferability Fingerprinting of Neural Networks [78.2527498858308]
This paper proposes Characteristic Examples for effectively fingerprinting deep neural networks.
It features high robustness to the base model against model pruning as well as low transferability to unassociated models.
arXiv Detail & Related papers (2021-05-14T21:48:23Z)
- Comparing Probability Distributions with Conditional Transport [63.11403041984197]
We propose conditional transport (CT) as a new divergence and approximate it with the amortized CT (ACT) cost.
ACT amortizes the computation of its conditional transport plans and comes with unbiased sample gradients that are straightforward to compute.
On a wide variety of generative modeling benchmark datasets, substituting the default statistical distance of an existing generative adversarial network with ACT is shown to consistently improve the performance.
arXiv Detail & Related papers (2020-12-28T05:14:22Z)
- On the Transferability of VAE Embeddings using Relational Knowledge with Semi-Supervision [67.96748304066827]
We propose a new model for relational VAE semi-supervision capable of balancing disentanglement and low complexity modelling of relations with different symbolic properties.
We compare the relative benefits of relation-decoder and latent space structure on both inductive and transductive transfer learning.
arXiv Detail & Related papers (2020-11-13T21:40:32Z)
- Boosting Black-Box Attack with Partially Transferred Conditional Adversarial Distribution [83.02632136860976]
We study black-box adversarial attacks against deep neural networks (DNNs).
We develop a novel mechanism of adversarial transferability, which is robust to the surrogate biases.
Experiments on benchmark datasets and attacks against a real-world API demonstrate the superior attack performance of the proposed method.
arXiv Detail & Related papers (2020-06-15T16:45:27Z)
This list is automatically generated from the titles and abstracts of the papers in this site.