Adversarial Robustness through the Lens of Convolutional Filters

• URL: http://arxiv.org/abs/2204.02481v1
• Date: Tue, 5 Apr 2022 20:29:16 GMT
• Title: Adversarial Robustness through the Lens of Convolutional Filters
• Authors: Paul Gavrikov and Janis Keuper
• Abstract summary: We investigate 3x3 convolution filters that form in adversarially-trained models. Filters are extracted from 71 public models of the linf-RobustBench CIFAR-10/100 and ImageNet1k leaderboard.
• Score: 2.0305676256390934
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Deep learning models are intrinsically sensitive to distribution shifts in the input data. In particular, small, barely perceivable perturbations to the input data can force models to make wrong predictions with high confidence. An common defense mechanism is regularization through adversarial training which injects worst-case perturbations back into training to strengthen the decision boundaries, and to reduce overfitting. In this context, we perform an investigation of 3x3 convolution filters that form in adversarially-trained models. Filters are extracted from 71 public models of the linf-RobustBench CIFAR-10/100 and ImageNet1k leaderboard and compared to filters extracted from models built on the same architectures but trained without robust regularization. We observe that adversarially-robust models appear to form more diverse, less sparse, and more orthogonal convolution filters than their normal counterparts. The largest differences between robust and normal models are found in the deepest layers, and the very first convolution layer, which consistently and predominantly forms filters that can partially eliminate perturbations, irrespective of the architecture. Data & Project website: https://github.com/paulgavrikov/cvpr22w_RobustnessThroughTheLens

Related papers

• Uncertainty Representations in State-Space Layers for Deep Reinforcement Learning under Partial Observability [59.758009422067]
  We propose a standalone Kalman filter layer that performs closed-form Gaussian inference in linear state-space models. Similar to efficient linear recurrent layers, the Kalman filter layer processes sequential data using a parallel scan. Experiments show that Kalman filter layers excel in problems where uncertainty reasoning is key for decision-making, outperforming other stateful models.
  arXiv  Detail & Related papers  (2024-09-25T11:22:29Z)
• LARA: A Light and Anti-overfitting Retraining Approach for Unsupervised Time Series Anomaly Detection [49.52429991848581]
  We propose a Light and Anti-overfitting Retraining Approach (LARA) for deep variational auto-encoder based time series anomaly detection methods (VAEs) This work aims to make three novel contributions: 1) the retraining process is formulated as a convex problem and can converge at a fast rate as well as prevent overfitting; 2) designing a ruminate block, which leverages the historical data without the need to store them; and 3) mathematically proving that when fine-tuning the latent vector and reconstructed data, the linear formations can achieve the least adjusting errors between the ground truths and the fine-tuned ones.
  arXiv  Detail & Related papers  (2023-10-09T12:36:16Z)
• Layer-wise Linear Mode Connectivity [52.6945036534469]
  Averaging neural network parameters is an intuitive method for the knowledge of two independent models. It is most prominently used in federated learning. We analyse the performance of the models that result from averaging single, or groups.
  arXiv  Detail & Related papers  (2023-07-13T09:39:10Z)
• Combining Slow and Fast: Complementary Filtering for Dynamics Learning [9.11991227308599]
  We propose a learning-based model learning approach to dynamics model learning. We also propose a hybrid model that requires an additional physics-based simulator.
  arXiv  Detail & Related papers  (2023-02-27T13:32:47Z)
• The Power of Linear Combinations: Learning with Random Convolutions [2.0305676256390934]
  Modern CNNs can achieve high test accuracies without ever updating randomly (spatial) convolution filters. These combinations of random filters can implicitly regularize the resulting operations. Although we only observe relatively small gains from learning $3times 3$ convolutions, the learning gains increase proportionally with kernel size.
  arXiv  Detail & Related papers  (2023-01-26T19:17:10Z)
• Part-Based Models Improve Adversarial Robustness [57.699029966800644]
  We show that combining human prior knowledge with end-to-end learning can improve the robustness of deep neural networks. Our model combines a part segmentation model with a tiny classifier and is trained end-to-end to simultaneously segment objects into parts. Our experiments indicate that these models also reduce texture bias and yield better robustness against common corruptions and spurious correlations.
  arXiv  Detail & Related papers  (2022-09-15T15:41:47Z)
• Shaken, and Stirred: Long-Range Dependencies Enable Robust Outlier Detection with PixelCNN++ [6.736754991468853]
  We show that biases in PixelCNN++ likelihoods arise primarily from predictions based on local dependencies. We propose two families of transformations -- stirring'' and shaking'' -- which ameliorate low-level biases and isolate the contribution of long-range dependencies. We test our approaches extensively with five grayscale and six natural image datasets and show that they achieve or exceed state-of-the-art outlier detection.
  arXiv  Detail & Related papers  (2022-08-29T13:17:22Z)
• Few-Shot Non-Parametric Learning with Deep Latent Variable Model [50.746273235463754]
  We propose Non-Parametric learning by Compression with Latent Variables (NPC-LV) NPC-LV is a learning framework for any dataset with abundant unlabeled data but very few labeled ones. We show that NPC-LV outperforms supervised methods on all three datasets on image classification in low data regime.
  arXiv  Detail & Related papers  (2022-06-23T09:35:03Z)
• CNN Filter DB: An Empirical Investigation of Trained Convolutional Filters [2.0305676256390934]
  We show that model pre-training can succeed on arbitrary datasets if they meet size and variance conditions. We show that many pre-trained models contain degenerated filters which make them less robust and less suitable for fine-tuning on target applications.
  arXiv  Detail & Related papers  (2022-03-29T08:25:42Z)
• Affine-Invariant Robust Training [0.0]
  This project reviews work in spatial robustness methods and proposes zeroth order optimization algorithms to find the worst affine transforms for each input. The proposed method effectively yields robust models and allows introducing non-parametric adversarial perturbations.
  arXiv  Detail & Related papers  (2020-10-08T18:59:19Z)
• Training Interpretable Convolutional Neural Networks by Differentiating Class-specific Filters [64.46270549587004]
  Convolutional neural networks (CNNs) have been successfully used in a range of tasks. CNNs are often viewed as "black-box" and lack of interpretability. We propose a novel strategy to train interpretable CNNs by encouraging class-specific filters.
  arXiv  Detail & Related papers  (2020-07-16T09:12:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.