Exploring and Exploiting Decision Boundary Dynamics for Adversarial Robustness

• URL: http://arxiv.org/abs/2302.03015v2
• Date: Sat, 15 Apr 2023 21:18:41 GMT
• Title: Exploring and Exploiting Decision Boundary Dynamics for Adversarial Robustness
• Authors: Yuancheng Xu, Yanchao Sun, Micah Goldblum, Tom Goldstein, Furong Huang
• Abstract summary: It is unclear whether existing robust training methods effectively increase the margin for each vulnerable point during training. We propose a continuous-time framework for quantifying the relative speed of the decision boundary with respect to each individual point. We propose Dynamics-aware Robust Training (DyART), which encourages the decision boundary to engage in movement that prioritizes increasing smaller margins.
• Score: 59.948529997062586
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The robustness of a deep classifier can be characterized by its margins: the decision boundary's distances to natural data points. However, it is unclear whether existing robust training methods effectively increase the margin for each vulnerable point during training. To understand this, we propose a continuous-time framework for quantifying the relative speed of the decision boundary with respect to each individual point. Through visualizing the moving speed of the decision boundary under Adversarial Training, one of the most effective robust training algorithms, a surprising moving-behavior is revealed: the decision boundary moves away from some vulnerable points but simultaneously moves closer to others, decreasing their margins. To alleviate these conflicting dynamics of the decision boundary, we propose Dynamics-aware Robust Training (DyART), which encourages the decision boundary to engage in movement that prioritizes increasing smaller margins. In contrast to prior works, DyART directly operates on the margins rather than their indirect approximations, allowing for more targeted and effective robustness improvement. Experiments on the CIFAR-10 and Tiny-ImageNet datasets verify that DyART alleviates the conflicting dynamics of the decision boundary and obtains improved robustness under various perturbation sizes compared to the state-of-the-art defenses. Our code is available at https://github.com/Yuancheng-Xu/Dynamics-Aware-Robust-Training.

Related papers

• Dynamic Position Transformation and Boundary Refinement Network for Left Atrial Segmentation [17.09918110723713]
  Left atrial (LA) segmentation is a crucial technique for irregular heartbeat (i.e., atrial fibrillation) diagnosis. Most current methods for LA segmentation strictly assume that the input data is acquired using object-oriented center cropping. We propose a novel Dynamic Position transformation and Boundary refinement Network (DPBNet) to tackle these issues.
  arXiv  Detail & Related papers  (2024-07-07T22:09:35Z)
• Certified Robustness via Dynamic Margin Maximization and Improved Lipschitz Regularization [43.98504250013897]
  We develop a robust training algorithm to increase the margin in the output (logit) space while regularizing the Lipschitz constant of the model along vulnerable directions. The relative accuracy of the bounds prevents excessive regularization and allows for more direct manipulation of the decision boundary. Experiments on the MNIST, CIFAR-10, and Tiny-ImageNet data sets verify that our proposed algorithm obtains competitively improved results compared to the state-of-the-art.
  arXiv  Detail & Related papers  (2023-09-29T20:07:02Z)
• Dynamic Interval Restrictions on Action Spaces in Deep Reinforcement Learning for Obstacle Avoidance [0.0]
  In this thesis, we consider the problem of interval restrictions as they occur in pathfinding with dynamic obstacles. Recent research learns with strong assumptions on the number of intervals, is limited to convex subsets. We propose two approaches that are independent of the state of the environment by extending parameterized reinforcement learning and ConstraintNet to handle an arbitrary number of intervals.
  arXiv  Detail & Related papers  (2023-06-13T09:13:13Z)
• Taming Lagrangian Chaos with Multi-Objective Reinforcement Learning [0.0]
  We consider the problem of two active particles in 2D complex flows with the multi-objective goals of minimizing both the dispersion rate and the energy consumption of the pair. We approach the problem by means of Multi Objective Reinforcement Learning (MORL), combining scalarization techniques together with a Q-learning algorithm, for Lagrangian drifters that have variable swimming velocity.
  arXiv  Detail & Related papers  (2022-12-19T16:50:58Z)
• Reinforcement Learning with a Terminator [80.34572413850186]
  We learn the parameters of the TerMDP and leverage the structure of the estimation problem to provide state-wise confidence bounds. We use these to construct a provably-efficient algorithm, which accounts for termination, and bound its regret.
  arXiv  Detail & Related papers  (2022-05-30T18:40:28Z)
• Identification and Avoidance of Static and Dynamic Obstacles on Point Cloud for UAVs Navigation [7.14505983271756]
  We introduce a technique to distinguish dynamic obstacles from static ones with only point cloud input. A computationally efficient obstacle avoidance motion planning approach is proposed and it is in line with an improved relative velocity method. The approach is able to avoid both static obstacles and dynamic ones in the same framework.
  arXiv  Detail & Related papers  (2021-05-14T02:44:18Z)
• Learning Salient Boundary Feature for Anchor-free Temporal Action Localization [81.55295042558409]
  Temporal action localization is an important yet challenging task in video understanding. We propose the first purely anchor-free temporal localization method. Our model includes (i) an end-to-end trainable basic predictor, (ii) a saliency-based refinement module, and (iii) several consistency constraints.
  arXiv  Detail & Related papers  (2021-03-24T12:28:32Z)
• Attribute-Guided Adversarial Training for Robustness to Natural Perturbations [64.35805267250682]
  We propose an adversarial training approach which learns to generate new samples so as to maximize exposure of the classifier to the attributes-space. Our approach enables deep neural networks to be robust against a wide range of naturally occurring perturbations.
  arXiv  Detail & Related papers  (2020-12-03T10:17:30Z)
• Robust Reinforcement Learning with Wasserstein Constraint [49.86490922809473]
  We show the existence of optimal robust policies, provide a sensitivity analysis for the perturbations, and then design a novel robust learning algorithm. The effectiveness of the proposed algorithm is verified in the Cart-Pole environment.
  arXiv  Detail & Related papers  (2020-06-01T13:48:59Z)
• Hold me tight! Influence of discriminative features on deep network boundaries [63.627760598441796]
  We propose a new perspective that relates dataset features to the distance of samples to the decision boundary. This enables us to carefully tweak the position of the training samples and measure the induced changes on the boundaries of CNNs trained on large-scale vision datasets.
  arXiv  Detail & Related papers  (2020-02-15T09:29:36Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.