One-Pixel Shortcut: on the Learning Preference of Deep Neural Networks
- URL: http://arxiv.org/abs/2205.12141v1
- Date: Tue, 24 May 2022 15:17:52 GMT
- Title: One-Pixel Shortcut: on the Learning Preference of Deep Neural Networks
- Authors: Shutong Wu, Sizhe Chen, Cihang Xie, Xiaolin Huang
- Abstract summary: Unlearnable examples (ULEs) aim to protect data from unauthorized usage for training DNNs.
In adversarial training, the unlearnability of error-minimizing noise will severely degrade.
We propose a novel model-free method, named One-Pixel Shortcut, which only perturbs a single pixel of each image and makes the dataset unlearnable.
- Score: 28.502489028888608
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Unlearnable examples (ULEs) aim to protect data from unauthorized usage for
training DNNs. Error-minimizing noise, which is injected to clean data, is one
of the most successful methods for preventing DNNs from giving correct
predictions on incoming new data. Nonetheless, under specific training
strategies such as adversarial training, the unlearnability of error-minimizing
noise will severely degrade. In addition, the transferability of
error-minimizing noise is inherently limited by the mismatch between the
generator model and the targeted learner model. In this paper, we investigate
the mechanism of unlearnable examples and propose a novel model-free method,
named \emph{One-Pixel Shortcut}, which only perturbs a single pixel of each
image and makes the dataset unlearnable. Our method needs much less
computational cost and obtains stronger transferability and thus can protect
data from a wide range of different models. Based on this, we further introduce
the first unlearnable dataset called CIFAR-10-S, which is indistinguishable
from normal CIFAR-10 by human observers and can serve as a benchmark for
different models or training strategies to evaluate their abilities to extract
critical features from the disturbance of non-semantic representations. The
original error-minimizing ULEs will lose efficiency under adversarial training,
where the model can get over 83\% clean test accuracy. Meanwhile, even if
adversarial training and strong data augmentation like RandAugment are applied
together, the model trained on CIFAR-10-S cannot get over 50\% clean test
accuracy.
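For intuition, below is a minimal sketch of what a class-wise one-pixel perturbation could look like on CIFAR-10-sized images. It only illustrates the perturbation format implied by the abstract, not the paper's actual procedure: the pixel positions and colors are random placeholders, and the names (apply_one_pixel_shortcut, pixel_map) are hypothetical, whereas the paper searches for the single pixel that forms the strongest shortcut.

```python
# Sketch only: class-wise one-pixel perturbation, assuming a fixed
# (position, color) pair per class. The actual One-Pixel Shortcut method
# searches for the most shortcut-prone pixel; that search is not shown here.
import numpy as np

def apply_one_pixel_shortcut(images, labels, pixel_map):
    """Perturb a single pixel of each image according to its label.

    images    : uint8 array of shape (N, H, W, C), e.g. CIFAR-10 images.
    labels    : int array of shape (N,).
    pixel_map : dict mapping class id -> ((row, col), (r, g, b)).
    """
    shortcut = images.copy()
    for cls, ((row, col), color) in pixel_map.items():
        idx = labels == cls
        # every image of this class gets the same single pixel overwritten
        shortcut[idx, row, col, :] = color
    return shortcut

# Hypothetical example: each of the 10 classes gets a random pixel position
# and a random color, forming a trivially learnable, non-semantic cue.
rng = np.random.default_rng(0)
pixel_map = {
    c: ((int(rng.integers(0, 32)), int(rng.integers(0, 32))),
        tuple(int(v) for v in rng.integers(0, 256, size=3)))
    for c in range(10)
}

images = rng.integers(0, 256, size=(8, 32, 32, 3), dtype=np.uint8)
labels = rng.integers(0, 10, size=8)
poisoned = apply_one_pixel_shortcut(images, labels, pixel_map)
# at most one pixel (3 channel values) differs per image
assert (poisoned != images).sum() <= 8 * 3
```

Because every image of a class then carries the same trivially separable pixel cue, a network can fit the labels from that non-semantic cue alone rather than from the image content, which is the shortcut behavior the title refers to.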
Related papers
- Adversarial Robustification via Text-to-Image Diffusion Models [56.37291240867549]
Adversarial robustness has conventionally been considered a challenging property to encode into neural networks.
We develop a scalable and model-agnostic solution to achieve adversarial robustness without using any data.
arXiv Detail & Related papers (2024-07-26T10:49:14Z)
- Just How Flexible are Neural Networks in Practice? [89.80474583606242]
It is widely believed that a neural network can fit a training set containing at least as many samples as it has parameters.
In practice, however, we only find the solutions reachable via our training procedure, including the gradient and regularizers, which limits flexibility.
arXiv Detail & Related papers (2024-06-17T12:24:45Z)
- Nonlinear Transformations Against Unlearnable Datasets [4.876873339297269]
Automated scraping is a common method for collecting data to train deep learning models without the authorization of data owners.
Recent studies have begun to tackle the privacy concerns associated with this data collection method.
The data generated by these approaches, called "unlearnable" examples, are prevented from being "learned" by deep learning models.
arXiv Detail & Related papers (2024-06-05T03:00:47Z)
- Two Heads are Better than One: Robust Learning Meets Multi-branch Models [14.72099568017039]
We propose Branch Orthogonality adveRsarial Training (BORT) to obtain state-of-the-art performance with solely the original dataset for adversarial training.
We evaluate our approach on CIFAR-10, CIFAR-100, and SVHN against $\ell_\infty$ norm-bounded perturbations of size $\epsilon = 8/255$.
arXiv Detail & Related papers (2022-08-17T05:42:59Z)
- Few-Shot Non-Parametric Learning with Deep Latent Variable Model [50.746273235463754]
We propose Non-Parametric learning by Compression with Latent Variables (NPC-LV), a learning framework for any dataset with abundant unlabeled data but very few labeled examples.
We show that NPC-LV outperforms supervised methods on image classification on all three datasets in the low-data regime.
arXiv Detail & Related papers (2022-06-23T09:35:03Z)
- DAD: Data-free Adversarial Defense at Test Time [21.741026088202126]
Deep models are highly susceptible to adversarial attacks.
Privacy has become an important concern, often restricting access to only the trained models and not the training data.
We propose the completely novel problem of 'test-time adversarial defense in the absence of training data and even their statistics'.
arXiv Detail & Related papers (2022-04-04T15:16:13Z)
- Robust Unlearnable Examples: Protecting Data Against Adversarial Learning [77.6015932710068]
Error-minimizing noise has previously been proposed to make data unlearnable for deep learning models.
In this paper, we design new methods to generate robust unlearnable examples that are protected from adversarial training.
Experiments show that the unlearnability brought by robust error-minimizing noise can effectively protect data from adversarial training in various scenarios.
arXiv Detail & Related papers (2022-03-28T07:13:51Z)
- A Simple Fine-tuning Is All You Need: Towards Robust Deep Learning Via Adversarial Fine-tuning [90.44219200633286]
We propose a simple yet very effective adversarial fine-tuning approach based on a $\textit{slow start, fast decay}$ learning rate scheduling strategy.
Experimental results show that the proposed adversarial fine-tuning approach outperforms the state-of-the-art methods on CIFAR-10, CIFAR-100 and ImageNet datasets.
arXiv Detail & Related papers (2020-12-25T20:50:15Z)
- Probing Model Signal-Awareness via Prediction-Preserving Input Minimization [67.62847721118142]
We evaluate models' ability to capture the correct vulnerability signals to produce their predictions.
We measure the signal awareness of models using a new metric we propose: Signal-aware Recall (SAR).
The results show a sharp drop in the model's Recall from the high 90s to sub-60s with the new metric.
arXiv Detail & Related papers (2020-11-25T20:05:23Z)
- Self-Adaptive Training: beyond Empirical Risk Minimization [15.59721834388181]
We propose a new training algorithm that dynamically corrects problematic labels by model predictions without incurring extra computational cost.
Self-adaptive training significantly improves generalization under various levels of noise, and mitigates the overfitting issue in both natural and adversarial training.
Experiments on CIFAR and ImageNet datasets verify the effectiveness of our approach in two applications.
arXiv Detail & Related papers (2020-02-24T15:47:10Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of the information listed and is not responsible for any consequences arising from its use.