Adversarial Purification with the Manifold Hypothesis
- URL: http://arxiv.org/abs/2210.14404v5
- Date: Wed, 20 Dec 2023 21:30:03 GMT
- Title: Adversarial Purification with the Manifold Hypothesis
- Authors: Zhaoyuan Yang, Zhiwei Xu, Jing Zhang, Richard Hartley, Peter Tu
- Abstract summary: We develop an adversarial purification method with this framework.
Our approach can provide adversarial robustness even if attackers are aware of the existence of the defense.
- Score: 14.085013765853226
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: In this work, we formulate a novel framework for adversarial robustness using
the manifold hypothesis. This framework provides sufficient conditions for
defending against adversarial examples. We develop an adversarial purification
method with this framework. Our method combines manifold learning with
variational inference to provide adversarial robustness without the need for
expensive adversarial training. Experimentally, our approach can provide
adversarial robustness even if attackers are aware of the existence of the
defense. In addition, our method can also serve as a test-time defense
mechanism for variational autoencoders.
Related papers
- Test-time Adversarial Defense with Opposite Adversarial Path and High Attack Time Cost [5.197034517903854]
We investigate a new test-time adversarial defense method via diffusion-based recovery along opposite adversarial paths (OAPs)
We present a purifier that can be plugged into a pre-trained model to resist adversarial attacks.
arXiv Detail & Related papers (2024-10-22T08:32:17Z)
- Position: Towards Resilience Against Adversarial Examples [42.09231029292568]
We provide a definition of adversarial resilience and outline considerations of designing an adversarially resilient defense.
We then introduce a subproblem of adversarial resilience which we call continual adaptive robustness.
We demonstrate the connection between continual adaptive robustness and previously studied problems of multiattack robustness and unforeseen attack robustness.
arXiv Detail & Related papers (2024-05-02T14:58:44Z)
- Unlearning Backdoor Threats: Enhancing Backdoor Defense in Multimodal Contrastive Learning via Local Token Unlearning [49.242828934501986]
Multimodal contrastive learning has emerged as a powerful paradigm for building high-quality features.
Backdoor attacks subtly embed malicious behaviors within the model during training.
We introduce an innovative token-based localized forgetting training regime.
arXiv Detail & Related papers (2024-03-24T18:33:15Z)
- AdvFAS: A robust face anti-spoofing framework against adversarial examples [24.07755324680827]
We propose a robust face anti-spoofing framework, namely AdvFAS, that leverages two coupled scores to accurately distinguish between correctly detected and wrongly detected face images.
Experiments demonstrate the effectiveness of our framework in a variety of settings, including different attacks, datasets, and backbones.
arXiv Detail & Related papers (2023-08-04T02:47:19Z)
- Measuring Equality in Machine Learning Security Defenses: A Case Study in Speech Recognition [56.69875958980474]
This work considers approaches to defending learned systems and how security defenses result in performance inequities across different sub-populations.
We find that many methods that have been proposed can cause direct harm, like false rejection and unequal benefits from robustness training.
We present a comparison of equality between two rejection-based defenses: randomized smoothing and neural rejection, finding randomized smoothing more equitable due to the sampling mechanism for minority groups.
arXiv Detail & Related papers (2023-02-17T16:19:26Z)
- Towards A Conceptually Simple Defensive Approach for Few-shot Classifiers Against Adversarial Support Samples [107.38834819682315]
We study a conceptually simple approach to defend few-shot classifiers against adversarial attacks.
We propose a simple attack-agnostic detection method, using the concept of self-similarity and filtering.
Our evaluation on the miniImagenet (MI) and CUB datasets exhibits good attack detection performance.
arXiv Detail & Related papers (2021-10-24T05:46:03Z)
- Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness [53.094682754683255]
We propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically.
Our method learns the in adversarial attacks parameterized by a recurrent neural network.
We develop a model-agnostic training algorithm to improve the ability of the learned when attacking unseen defenses.
arXiv Detail & Related papers (2021-10-13T13:54:24Z)
- Adversarial Visual Robustness by Causal Intervention [56.766342028800445]
Adversarial training is the de facto most promising defense against adversarial examples.
Yet, its passive nature inevitably prevents it from being immune to unknown attackers.
We provide a causal viewpoint of adversarial vulnerability: the cause is the confounder ubiquitously existing in learning.
arXiv Detail & Related papers (2021-06-17T14:23:54Z)
- Adversarial robustness via stochastic regularization of neural activation sensitivity [24.02105949163359]
We suggest a novel defense mechanism that simultaneously addresses both defense goals.
We flatten the gradients of the loss surface, making adversarial examples harder to find.
In addition, we push the decision away from correctly classified inputs by leveraging Jacobian regularization.
arXiv Detail & Related papers (2020-09-23T19:31:55Z)
- Towards Robust Deep Learning with Ensemble Networks and Noisy Layers [2.2843885788439793]
We provide an approach for deep learning that protects against adversarial examples in image classification-type networks.
The approach relies on two mechanisms: 1) a mechanism that increases robustness at the expense of accuracy, and 2) a mechanism that improves accuracy but does not always increase robustness.
arXiv Detail & Related papers (2020-07-03T06:04:02Z)
- Defensive Few-shot Learning [77.82113573388133]
This paper investigates a new challenging problem called defensive few-shot learning.
It aims to learn a robust few-shot model against adversarial attacks.
The proposed framework can effectively make the existing few-shot models robust against adversarial attacks.
arXiv Detail & Related papers (2019-11-16T05:57:16Z)