Adversarial Robustness through the Lens of Causality
- URL: http://arxiv.org/abs/2106.06196v1
- Date: Fri, 11 Jun 2021 06:55:02 GMT
- Title: Adversarial Robustness through the Lens of Causality
- Authors: Yonggang Zhang, Mingming Gong, Tongliang Liu, Gang Niu, Xinmei Tian, Bo Han, Bernhard Schölkopf and Kun Zhang
- Abstract summary: The adversarial vulnerability of deep neural networks has attracted significant attention in machine learning.
We propose to incorporate causality into mitigating adversarial vulnerability.
Our method can be seen as the first attempt to leverage causality for mitigating adversarial vulnerability.
- Score: 105.51753064807014
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The adversarial vulnerability of deep neural networks has attracted
significant attention in machine learning. From a causal viewpoint, adversarial
attacks can be considered as a specific type of distribution change on natural
data. As causal reasoning has an instinct for modeling distribution change, we
propose to incorporate causality into mitigating adversarial vulnerability.
However, causal formulations of the intuition of adversarial attack and the
development of robust DNNs are still lacking in the literature. To bridge this
gap, we construct a causal graph to model the generation process of adversarial
examples and define the adversarial distribution to formalize the intuition of
adversarial attacks. From a causal perspective, we find that the label is
spuriously correlated with the style (content-independent) information when an
instance is given. The spurious correlation implies that the adversarial
distribution is constructed via making the statistical conditional association
between style information and labels drastically different from that in natural
distribution. Thus, DNNs that fit the spurious correlation are vulnerable to
the adversarial distribution. Inspired by the observation, we propose the
adversarial distribution alignment method to eliminate the difference between
the natural distribution and the adversarial distribution. Extensive
experiments demonstrate the efficacy of the proposed method. Our method can be
seen as the first attempt to leverage causality for mitigating adversarial
vulnerability.
Related papers
- Identifiable Latent Neural Causal Models [82.14087963690561]
Causal representation learning seeks to uncover latent, high-level causal representations from low-level observed data.
We determine the types of distribution shifts that do contribute to the identifiability of causal representations.
We translate our findings into a practical algorithm, allowing for the acquisition of reliable latent causal representations.
(2024-03-23T04:13:55Z)
- Demystifying Causal Features on Adversarial Examples and Causal Inoculation for Robust Network by Adversarial Instrumental Variable Regression [32.727673706238086]
We propose a way of delving into the unexpected vulnerability in adversarially trained networks from a causal perspective.
By deploying it, we estimate the causal relation of adversarial prediction under an unbiased environment.
We demonstrate that the estimated causal features are highly related to the correct prediction for adversarial robustness.
(2023-03-02T08:18:22Z)
- Improving Adversarial Robustness via Mutual Information Estimation [144.33170440878519]
Deep neural networks (DNNs) are found to be vulnerable to adversarial noise.
In this paper, we investigate the dependence between outputs of the target model and input adversarial samples from the perspective of information theory.
We propose to enhance the adversarial robustness by maximizing the natural MI and minimizing the adversarial MI during the training process.
(2022-07-25T13:45:11Z)
- On the (Un-)Avoidability of Adversarial Examples [4.822598110892847]
Adversarial examples in deep learning models have caused substantial concern over their reliability.
We provide a framework for determining whether a model's label change under small perturbation is justified.
We prove that our adaptive data-augmentation maintains consistency of 1-nearest neighbor classification under deterministic labels.
(2021-06-24T21:35:25Z)
- Adversarial Visual Robustness by Causal Intervention [56.766342028800445]
Adversarial training is the de facto most promising defense against adversarial examples.
Yet, its passive nature inevitably prevents it from being immune to unknown attackers.
We provide a causal viewpoint of adversarial vulnerability: the cause is the confounder ubiquitously existing in learning.
(2021-06-17T14:23:54Z)
- Latent Causal Invariant Model [128.7508609492542]
Current supervised learning can learn spurious correlation during the data-fitting process.
We propose a Latent Causal Invariance Model (LaCIM) which pursues causal prediction.
(2020-11-04T10:00:27Z)
- Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations [65.05561023880351]
Adversarial examples are malicious inputs crafted to induce misclassification.
This paper studies a complementary failure mode, invariance-based adversarial examples.
We show that defenses against sensitivity-based attacks actively harm a model's accuracy on invariance-based attacks.
(2020-02-11T18:50:23Z)