Jacobian Ensembles Improve Robustness Trade-offs to Adversarial Attacks

• URL: http://arxiv.org/abs/2204.08726v1
• Date: Tue, 19 Apr 2022 08:04:38 GMT
• Title: Jacobian Ensembles Improve Robustness Trade-offs to Adversarial Attacks
• Authors: Kenneth T. Co, David Martinez-Rego, Zhongyuan Hau, Emil C. Lupu
• Abstract summary: We propose a novel approach, Jacobian Ensembles, to increase the robustness against UAPs. Our results show that Jacobian Ensembles achieves previously unseen levels of accuracy and robustness.
• Score: 5.70772577110828
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Deep neural networks have become an integral part of our software infrastructure and are being deployed in many widely-used and safety-critical applications. However, their integration into many systems also brings with it the vulnerability to test time attacks in the form of Universal Adversarial Perturbations (UAPs). UAPs are a class of perturbations that when applied to any input causes model misclassification. Although there is an ongoing effort to defend models against these adversarial attacks, it is often difficult to reconcile the trade-offs in model accuracy and robustness to adversarial attacks. Jacobian regularization has been shown to improve the robustness of models against UAPs, whilst model ensembles have been widely adopted to improve both predictive performance and model robustness. In this work, we propose a novel approach, Jacobian Ensembles-a combination of Jacobian regularization and model ensembles to significantly increase the robustness against UAPs whilst maintaining or improving model accuracy. Our results show that Jacobian Ensembles achieves previously unseen levels of accuracy and robustness, greatly improving over previous methods that tend to skew towards only either accuracy or robustness.

Related papers

• Learn from the Past: A Proxy Guided Adversarial Defense Framework with Self Distillation Regularization [53.04697800214848]
  Adversarial Training (AT) is pivotal in fortifying the robustness of deep learning models. AT methods, relying on direct iterative updates for target model's defense, frequently encounter obstacles such as unstable training and catastrophic overfitting. We present a general proxy guided defense framework, LAST' (bf Learn from the Pbf ast)
  arXiv  Detail & Related papers  (2023-10-19T13:13:41Z)
• Improved Robustness Against Adaptive Attacks With Ensembles and Error-Correcting Output Codes [0.0]
  We investigate the robustness of Error-Correcting Output Codes (ECOC) ensembles through architectural improvements and ensemble diversity promotion. We perform a comprehensive robustness assessment against adaptive attacks and investigate the relationship between ensemble diversity and robustness.
  arXiv  Detail & Related papers  (2023-03-04T05:05:17Z)
• Interpolated Joint Space Adversarial Training for Robust and Generalizable Defenses [82.3052187788609]
  Adversarial training (AT) is considered to be one of the most reliable defenses against adversarial attacks. Recent works show generalization improvement with adversarial samples under novel threat models. We propose a novel threat model called Joint Space Threat Model (JSTM) Under JSTM, we develop novel adversarial attacks and defenses.
  arXiv  Detail & Related papers  (2021-12-12T21:08:14Z)
• SafeAMC: Adversarial training for robust modulation recognition models [53.391095789289736]
  In communication systems, there are many tasks, like modulation recognition, which rely on Deep Neural Networks (DNNs) models. These models have been shown to be susceptible to adversarial perturbations, namely imperceptible additive noise crafted to induce misclassification. We propose to use adversarial training, which consists of fine-tuning the model with adversarial perturbations, to increase the robustness of automatic modulation recognition models.
  arXiv  Detail & Related papers  (2021-05-28T11:29:04Z)
• Jacobian Regularization for Mitigating Universal Adversarial Perturbations [2.9465623430708905]
  Universal Adversarial Perturbations (UAPs) are input perturbations that can fool a neural network on large sets of data. We derive upper bounds for the effectiveness of UAPs based on norms of data-dependent Jacobians.
  arXiv  Detail & Related papers  (2021-04-21T11:00:21Z)
• "What's in the box?!": Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models [71.91835408379602]
  adversarial examples have been long considered a real threat to machine learning models. We propose an alternative deployment-based defense paradigm that goes beyond the traditional white-box and black-box threat models.
  arXiv  Detail & Related papers  (2021-02-09T20:07:13Z)
• Voting based ensemble improves robustness of defensive models [82.70303474487105]
  We study whether it is possible to create an ensemble to further improve robustness. By ensembling several state-of-the-art pre-trained defense models, our method can achieve a 59.8% robust accuracy.
  arXiv  Detail & Related papers  (2020-11-28T00:08:45Z)
• Posterior Differential Regularization with f-divergence for Improving Model Robustness [95.05725916287376]
  We focus on methods that regularize the model posterior difference between clean and noisy inputs. We generalize the posterior differential regularization to the family of $f$-divergences. Our experiments show that regularizing the posterior differential with $f$-divergence can result in well-improved model robustness.
  arXiv  Detail & Related papers  (2020-10-23T19:58:01Z)
• Certifying Joint Adversarial Robustness for Model Ensembles [10.203602318836445]
  Deep Neural Networks (DNNs) are often vulnerable to adversarial examples. A proposed defense deploys an ensemble of models with the hope that, although the individual models may be vulnerable, an adversary will not be able to find an adversarial example that succeeds against the ensemble. We consider the joint vulnerability of an ensemble of models, and propose a novel technique for certifying the joint robustness of ensembles.
  arXiv  Detail & Related papers  (2020-04-21T19:38:31Z)
• Revisiting Ensembles in an Adversarial Context: Improving Natural Accuracy [5.482532589225552]
  There is still a significant gap in natural accuracy between robust and non-robust models. We consider a number of ensemble methods designed to mitigate this performance difference. We consider two schemes, one that combines predictions from several randomly robust models, and the other that fuses features from robust and standard models.
  arXiv  Detail & Related papers  (2020-02-26T15:45:58Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.