Robust Training Using Natural Transformation
- URL: http://arxiv.org/abs/2105.04070v1
- Date: Mon, 10 May 2021 01:56:03 GMT
- Title: Robust Training Using Natural Transformation
- Authors: Shuo Wang, Lingjuan Lyu, Surya Nepal, Carsten Rudolph, Marthie Grobler, Kristen Moore
- Abstract summary: We present NaTra, an adversarial training scheme to improve robustness of image classification algorithms.
We target attributes of the input images that are independent of the class identification, and manipulate those attributes to mimic real-world natural transformations.
We demonstrate the efficacy of our scheme by utilizing the disentangled latent representations derived from well-trained GANs.
- Score: 19.455666609149567
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Previous robustness approaches for deep learning models such as data
augmentation techniques via data transformation or adversarial training cannot
capture real-world variations that preserve the semantics of the input, such as
a change in lighting conditions. To bridge this gap, we present NaTra, an
adversarial training scheme that is designed to improve the robustness of image
classification algorithms. We target attributes of the input images that are
independent of the class identification, and manipulate those attributes to
mimic real-world natural transformations (NaTra) of the inputs, which are then
used to augment the training dataset of the image classifier. Specifically, we
apply \textit{Batch Inverse Encoding and Shifting} to map a batch of given
images to corresponding disentangled latent codes of well-trained generative
models. \textit{Latent Codes Expansion} is used to boost image reconstruction
quality through the incorporation of extended feature maps.
\textit{Unsupervised Attribute Directing and Manipulation} enables
identification of the latent directions that correspond to specific attribute
changes, and then produce interpretable manipulations of those attributes,
thereby generating natural transformations to the input data. We demonstrate
the efficacy of our scheme by utilizing the disentangled latent representations
derived from well-trained GANs to mimic transformations of an image that are
similar to real-world natural variations (such as lighting conditions or
hairstyle), and train models to be invariant to these natural transformations.
Extensive experiments show that our method improves the generalization of
classification models and increases their robustness to various real-world
distortions.
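The pipeline above can be sketched in miniature. Everything below is a toy stand-in: a linear "generator" in place of a well-trained GAN, a least-squares "encoder" for Batch Inverse Encoding, and a hand-picked latent direction where NaTra discovers directions unsupervised; Latent Codes Expansion is omitted.

```python
import numpy as np

rng = np.random.default_rng(0)

# Toy "generator": maps 8-d latent codes to 64-d "images".
# A real pipeline would use a StyleGAN-class generator instead.
W = rng.normal(size=(64, 8))

def generate(z):
    return W @ z

# Inverse encoding: map an image back to its latent code
# (here, simply a least-squares inverse of the linear generator).
def encode(x):
    return np.linalg.lstsq(W, x, rcond=None)[0]

# A latent direction assumed to control a class-independent
# attribute (e.g. lighting); NaTra finds such directions unsupervised.
attr_dir = np.zeros(8)
attr_dir[3] = 1.0

def natural_transform(image, strength):
    """Shift the image's latent code along the attribute direction
    and regenerate: a "natural transformation" of the input."""
    z = encode(image)
    return generate(z + strength * attr_dir)

# Augment a batch with attribute-shifted variants for training.
batch = [generate(rng.normal(size=8)) for _ in range(4)]
augmented = [natural_transform(x, s) for x in batch for s in (-1.0, 0.0, 1.0)]
```

The classifier is then trained on `augmented`, so it learns to be invariant to movement along the attribute direction.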
Related papers
- Random Field Augmentations for Self-Supervised Representation Learning [4.3543354293465155]
We propose a new family of local transformations based on Gaussian random fields to generate image augmentations for self-supervised representation learning.
We achieve a 1.7% top-1 accuracy improvement over baseline on ImageNet downstream classification, and a 3.6% improvement on out-of-distribution iNaturalist downstream classification.
While mild transformations improve representations, we observe that strong transformations can degrade the structure of an image.
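A minimal sketch of the core idea: low-pass-filter white noise into a smooth Gaussian random field and use it as a local displacement field. The parameter choices and nearest-neighbor resampling here are illustrative, not the paper's exact construction.

```python
import numpy as np

rng = np.random.default_rng(1)

def gaussian_field(shape, sigma, rng):
    """Filter white noise with a Gaussian kernel in Fourier space and
    rescale to unit variance: a smooth Gaussian random field."""
    noise = rng.normal(size=shape)
    fy = np.fft.fftfreq(shape[0])[:, None]
    fx = np.fft.fftfreq(shape[1])[None, :]
    ker = np.exp(-2.0 * (np.pi * sigma) ** 2 * (fy ** 2 + fx ** 2))
    field = np.fft.ifft2(np.fft.fft2(noise) * ker).real
    return field / (field.std() + 1e-12)

def random_field_augment(img, sigma=8.0, alpha=2.0, rng=rng):
    """Warp an image by random-field displacements (nearest neighbor).

    sigma controls field smoothness, alpha the displacement strength in
    pixels; pushing alpha up illustrates the observation above that
    strong transformations degrade image structure.
    """
    h, w = img.shape
    dy = alpha * gaussian_field((h, w), sigma, rng)
    dx = alpha * gaussian_field((h, w), sigma, rng)
    ys, xs = np.meshgrid(np.arange(h), np.arange(w), indexing="ij")
    src_y = np.clip(np.rint(ys + dy).astype(int), 0, h - 1)
    src_x = np.clip(np.rint(xs + dx).astype(int), 0, w - 1)
    return img[src_y, src_x]

img = rng.random((32, 32))
aug = random_field_augment(img)
```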
arXiv Detail & Related papers (2023-11-07T00:35:09Z)
- Improving the Transferability of Adversarial Examples with Arbitrary Style Transfer [32.644062141738246]
A style transfer network can alter the distribution of low-level visual features in an image while preserving semantic content for humans.
We propose a novel attack method named Style Transfer Method (STM) that utilizes a proposed arbitrary style transfer network to transform the images into different domains.
Our proposed method can significantly improve the adversarial transferability on either normally trained models or adversarially trained models.
arXiv Detail & Related papers (2023-08-21T09:58:13Z)
- Improving Diffusion-based Image Translation using Asymmetric Gradient Guidance [51.188396199083336]
We present an approach that guides the reverse process of diffusion sampling by applying asymmetric gradient guidance.
Our model's adaptability allows it to be implemented with both image-diffusion and latent-diffusion models.
Experiments show that our method outperforms various state-of-the-art models in image translation tasks.
arXiv Detail & Related papers (2023-06-07T12:56:56Z)
- Effective Data Augmentation With Diffusion Models [65.09758931804478]
We address the lack of diversity in data augmentation with image-to-image transformations parameterized by pre-trained text-to-image diffusion models.
Our method edits images to change their semantics using an off-the-shelf diffusion model, and generalizes to novel visual concepts from a few labelled examples.
We evaluate our approach on few-shot image classification tasks, and on a real-world weed recognition task, and observe an improvement in accuracy in tested domains.
arXiv Detail & Related papers (2023-02-07T20:42:28Z)
- Data augmentation with mixtures of max-entropy transformations for filling-level classification [88.14088768857242]
We address the problem of distribution shifts in test-time data with a principled data augmentation scheme for the task of filling-level classification.
We show that such a principled augmentation scheme, alone, can replace current approaches that use transfer learning or can be used in combination with transfer learning to improve its performance.
arXiv Detail & Related papers (2022-03-08T11:41:38Z)
- Adaptive Image Transformations for Transfer-based Adversarial Attack [73.74904401540743]
We propose a novel architecture, called Adaptive Image Transformation Learner (AITL).
Our elaborately designed learner adaptively selects the most effective combination of image transformations specific to the input image.
Our method significantly improves the attack success rates on both normally trained models and defense models under various settings.
arXiv Detail & Related papers (2021-11-27T08:15:44Z)
- Encoding Robustness to Image Style via Adversarial Feature Perturbations [72.81911076841408]
We adapt adversarial training by directly perturbing feature statistics, rather than image pixels, to produce robust models.
Our proposed method, Adversarial Batch Normalization (AdvBN), is a single network layer that generates worst-case feature perturbations during training.
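The feature-statistics perturbation at the heart of this approach can be sketched as below. Here the perturbations are supplied directly; AdvBN itself chooses them adversarially (worst case under a norm bound) during training.

```python
import numpy as np

rng = np.random.default_rng(2)

def perturb_feature_stats(feats, d_mean, d_std):
    """Shift the per-channel mean/std of an (N, C, H, W) feature map.

    Each channel is normalized to zero mean and unit variance, then
    re-normalized with perturbed statistics -- a style change applied
    in feature space rather than pixel space.
    """
    mu = feats.mean(axis=(0, 2, 3), keepdims=True)
    sigma = feats.std(axis=(0, 2, 3), keepdims=True) + 1e-5
    normed = (feats - mu) / sigma
    return normed * (sigma * (1.0 + d_std)) + (mu + d_mean)

feats = rng.normal(loc=2.0, scale=3.0, size=(4, 3, 8, 8))
out = perturb_feature_stats(feats, d_mean=0.5, d_std=0.1)
```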
arXiv Detail & Related papers (2020-09-18T17:52:34Z)
- Probabilistic Spatial Transformer Networks [0.6999740786886537]
We propose a probabilistic extension that estimates a distribution over transformations rather than a single deterministic one.
We show that these two properties lead to improved classification performance, robustness and model calibration.
We further demonstrate that the approach generalizes to non-visual domains by improving model performance on time-series data.
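A rough illustration of the probabilistic idea, assuming a Gaussian over affine parameters (rotation plus translation) and nearest-neighbor warping; the paper itself learns the transformation distribution end to end.

```python
import numpy as np

rng = np.random.default_rng(3)

def affine_warp(img, theta, tx, ty):
    """Rotate by theta (radians) about the image center and translate
    by (tx, ty), with nearest-neighbor resampling."""
    h, w = img.shape
    ys, xs = np.meshgrid(np.arange(h), np.arange(w), indexing="ij")
    cy, cx = (h - 1) / 2.0, (w - 1) / 2.0
    y0, x0 = ys - cy - ty, xs - cx - tx
    src_y = np.cos(theta) * y0 - np.sin(theta) * x0 + cy
    src_x = np.sin(theta) * y0 + np.cos(theta) * x0 + cx
    src_y = np.clip(np.rint(src_y).astype(int), 0, h - 1)
    src_x = np.clip(np.rint(src_x).astype(int), 0, w - 1)
    return img[src_y, src_x]

def sample_transformed(img, n_samples=8, scale=0.1):
    """Sample transformation parameters from a Gaussian rather than
    predicting one deterministic transform; a downstream classifier
    would average its predictions over these variants."""
    params = rng.normal(0.0, scale, size=(n_samples, 3))
    return [affine_warp(img, t, tx, ty) for t, tx, ty in params]

img = rng.random((16, 16))
variants = sample_transformed(img)
```

Averaging predictions over sampled transformations is what yields the improved robustness and calibration noted above.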
arXiv Detail & Related papers (2020-04-07T18:22:02Z)
- Fast Symmetric Diffeomorphic Image Registration with Convolutional Neural Networks [11.4219428942199]
We present a novel, efficient unsupervised symmetric image registration method.
We evaluate our method on 3D image registration with a large scale brain image dataset.
arXiv Detail & Related papers (2020-03-20T22:07:24Z)
- Fine-grained Image-to-Image Transformation towards Visual Recognition [102.51124181873101]
We aim at transforming an image with a fine-grained category to synthesize new images that preserve the identity of the input image.
We adopt a model based on generative adversarial networks to disentangle the identity related and unrelated factors of an image.
Experiments on the CompCars and Multi-PIE datasets demonstrate that our model preserves the identity of the generated images much better than the state-of-the-art image-to-image transformation models.
arXiv Detail & Related papers (2020-01-12T05:26:47Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of the information presented and is not responsible for any consequences of its use.