What Do Adversarially trained Neural Networks Focus: A Fourier Domain-based Study
- URL: http://arxiv.org/abs/2203.08739v1
- Date: Wed, 16 Mar 2022 16:37:17 GMT
- Title: What Do Adversarially trained Neural Networks Focus: A Fourier Domain-based Study
- Authors: Binxiao Huang, Chaofan Tao, Rui Lin, Ngai Wong
- Abstract summary: This work studies what information the adversarially trained model focuses on.
We consider two common ways to improve model robustness, namely, by data augmentation and by using stronger network architectures.
- Score: 8.912245110734334
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Although many fields have witnessed the superior performance brought about by deep learning, the robustness of neural networks remains an open issue. Specifically, a small adversarial perturbation on the input may cause the model to produce a completely different output. Such poor robustness implies many potential hazards, especially in security-critical applications, e.g., autonomous driving and mobile robotics. This work studies what information the adversarially trained model focuses on. Empirically, we notice that the differences between the clean and adversarial data are mainly distributed in the low-frequency region. We then find that an adversarially-trained model is more robust than its naturally-trained counterpart because the former pays more attention to learning the dominant information in low-frequency components. In addition, we consider two common ways to improve model robustness, namely, by data augmentation and by using stronger network architectures, and understand these techniques from a frequency-domain perspective. We are hopeful this work can shed light on the design of more robust neural networks.
Related papers
- Interpretable Computer Vision Models through Adversarial Training: Unveiling the Robustness-Interpretability Connection [0.0] (2023-07-04T13:51:55Z)
  Interpretability is as essential as robustness when we deploy the models to the real world.
  Standard models, compared to robust ones, are more susceptible to adversarial attacks, and their learned representations are less meaningful to humans.
- Enhancing Multiple Reliability Measures via Nuisance-extended Information Bottleneck [77.37409441129995] (2023-03-24T16:03:21Z)
  In practical scenarios where training data is limited, many predictive signals in the data can rather come from biases in data acquisition.
  We consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training.
  We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training.
- What Can the Neural Tangent Kernel Tell Us About Adversarial Robustness? [0.0] (2022-10-11T16:11:48Z)
  We study adversarial examples of trained neural networks through analytical tools afforded by recent theory advances connecting neural networks and kernel methods.
  We show how NTKs allow generating adversarial examples in a "training-free" fashion, and demonstrate that they transfer to fool their finite-width neural net counterparts in the "lazy" regime.
- Data-driven emergence of convolutional structure in neural networks [83.4920717252233] (2022-02-01T17:11:13Z)
  We show how fully-connected neural networks solving a discrimination task can learn a convolutional structure directly from their inputs.
  By carefully designing data models, we show that the emergence of this pattern is triggered by the non-Gaussian, higher-order local structure of the inputs.
- On the benefits of robust models in modulation recognition [53.391095789289736] (2021-03-27T19:58:06Z)
  Deep Neural Networks (DNNs) using convolutional layers are state-of-the-art in many tasks in communications.
  In other domains, like image classification, DNNs have been shown to be vulnerable to adversarial perturbations.
  We propose a novel framework to test the robustness of current state-of-the-art models.
- Explainable Adversarial Attacks in Deep Neural Networks Using Activation Profiles [69.9674326582747] (2021-03-18T13:04:21Z)
  This paper presents a visual framework to investigate neural network models subjected to adversarial examples.
  We show how observing these elements can quickly pinpoint exploited areas in a model.
- Non-Singular Adversarial Robustness of Neural Networks [58.731070632586594] (2021-02-23T20:59:30Z)
  Adversarial robustness has become an emerging challenge for neural networks owing to their over-sensitivity to small input perturbations.
  We formalize the notion of non-singular adversarial robustness for neural networks through the lens of joint perturbations to data inputs as well as model weights.
- The Self-Simplifying Machine: Exploiting the Structure of Piecewise Linear Neural Networks to Create Interpretable Models [0.0] (2020-12-02T16:02:14Z)
  We introduce novel methodology toward simplification and increased interpretability of Piecewise Linear Neural Networks for classification tasks.
  Our methods include the use of a trained, deep network to produce a well-performing, single-hidden-layer network without further training.
  On these methods, we conduct preliminary studies of model performance, as well as a case study on Wells Fargo's Home Lending dataset.
- Vulnerability Under Adversarial Machine Learning: Bias or Variance? [77.30759061082085] (2020-08-01T00:58:54Z)
  We investigate the effect of adversarial machine learning on the bias and variance of a trained deep neural network.
  Our analysis sheds light on why the deep neural networks have poor performance under adversarial perturbation.
  We introduce a new adversarial machine learning algorithm with lower computational complexity than well-known adversarial machine learning strategies.
- Robustness from Simple Classifiers [31.50446148110293] (2020-02-21T17:13:37Z)
  We investigate the connection between robustness and simplicity.
  We find that simpler classifiers, formed by reducing the number of output classes, are less susceptible to adversarial perturbations.
This list is automatically generated from the titles and abstracts of the papers in this site.