Can't Fool Me: Adversarially Robust Transformer for Video Understanding
- URL: http://arxiv.org/abs/2110.13950v1
- Date: Tue, 26 Oct 2021 18:30:21 GMT
- Title: Can't Fool Me: Adversarially Robust Transformer for Video Understanding
- Authors: Divya Choudhary, Palash Goyal, Saurabh Sahu
- Abstract summary: In video understanding tasks, developing adversarially robust models is still unexplored.
We first show that simple extensions of image based adversarially robust models slightly improve the worst-case performance.
We illustrate using a large-scale video data set YouTube-8M that the final model achieves close to non-adversarial performance.
- Score: 8.082788827336337
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Deep neural networks have been shown to perform poorly on adversarial examples. To address this, several techniques have been proposed to increase robustness of a model for image classification tasks. However, in video understanding tasks, developing adversarially robust models is still unexplored. In this paper, we aim to bridge this gap. We first show that simple extensions of image based adversarially robust models slightly improve the worst-case performance. Further, we propose a temporal attention regularization scheme in Transformer to improve the robustness of attention modules to adversarial examples. We illustrate using a large-scale video data set YouTube-8M that the final model (A-ART) achieves close to non-adversarial performance on its adversarial example set. We achieve 91% GAP on adversarial examples, whereas baseline Transformer and simple adversarial extensions achieve 72.9% and 82% respectively, showing significant improvement in robustness over the state-of-the-art.
Related papers
- Protecting Feed-Forward Networks from Adversarial Attacks Using Predictive Coding [0.20718016474717196]
  An adversarial example is a modified input image designed to cause a Machine Learning (ML) model to make a mistake.
  This study presents a practical and effective solution -- using predictive coding networks (PCnets) as an auxiliary step for adversarial defence.
  arXiv Detail & Related papers (2024-10-31T21:38:05Z)
- Inter-frame Accelerate Attack against Video Interpolation Models [73.28751441626754]
  We apply adversarial attacks to VIF models and find that the VIF models are very vulnerable to adversarial examples.
  We propose a novel attack method named Inter-frame Accelerate Attack (IAA) thats the iterations as the perturbation for the previous adjacent frame.
  It is shown that our method can improve attack efficiency greatly while achieving comparable attack performance with traditional methods.
  arXiv Detail & Related papers (2023-05-11T03:08:48Z)
- Learning Transferable Adversarial Robust Representations via Multi-view Consistency [57.73073964318167]
  We propose a novel meta-adversarial multi-view representation learning framework with dual encoders.
  We demonstrate the effectiveness of our framework on few-shot learning tasks from unseen domains.
  arXiv Detail & Related papers (2022-10-19T11:48:01Z)
- Frequency Domain Model Augmentation for Adversarial Attack [91.36850162147678]
  For black-box attacks, the gap between the substitute model and the victim model is usually large.
  We propose a novel spectrum simulation attack to craft more transferable adversarial examples against both normally trained and defense models.
  arXiv Detail & Related papers (2022-07-12T08:26:21Z)
- Deeper Insights into ViTs Robustness towards Common Corruptions [82.79764218627558]
  We investigate how CNN-like architectural designs and CNN-based data augmentation strategies impact ViTs' robustness towards common corruptions.
  We demonstrate that overlapping patch embedding and convolutional Feed-Forward Network (FFN) boost robustness.
  We also introduce a novel conditional method enabling input-varied augmentations from two angles.
  arXiv Detail & Related papers (2022-04-26T08:22:34Z)
- ARIA: Adversarially Robust Image Attribution for Content Provenance [25.217001579437635]
  We show how to generate valid adversarial images that can easily cause incorrect image attribution.
  We then describe an approach to prevent imperceptible adversarial attacks on deep visual fingerprinting models.
  The resulting models are substantially more robust, are accurate even on unperturbed images, and perform well even over a database with millions of images.
  arXiv Detail & Related papers (2022-02-25T18:11:45Z)
- Error Diffusion Halftoning Against Adversarial Examples [85.11649974840758]
  Adversarial examples contain carefully crafted perturbations that can fool deep neural networks into making wrong predictions.
  We propose a new image transformation defense based on error diffusion halftoning, and combine it with adversarial training to defend against adversarial examples.
  arXiv Detail & Related papers (2021-01-23T07:55:02Z)
- Encoding Robustness to Image Style via Adversarial Feature Perturbations [72.81911076841408]
  We adapt adversarial training by directly perturbing feature statistics, rather than image pixels, to produce robust models.
  Our proposed method, Adversarial Batch Normalization (AdvBN), is a single network layer that generates worst-case feature perturbations during training.
  arXiv Detail & Related papers (2020-09-18T17:52:34Z)
- AdvJND: Generating Adversarial Examples with Just Noticeable Difference [3.638233924421642]
  Adding small perturbations to examples causes a well-performing model to misclassify the crafted examples.
  Adversarial examples generated by our AdvJND algorithm yield distributions similar to those of the original inputs.
  arXiv Detail & Related papers (2020-02-01T09:55:27Z)
This list is automatically generated from the titles and abstracts of the papers in this site.