Distribution-restrained Softmax Loss for the Model Robustness
- URL: http://arxiv.org/abs/2303.12363v1
- Date: Wed, 22 Mar 2023 07:56:59 GMT
- Title: Distribution-restrained Softmax Loss for the Model Robustness
- Authors: Hao Wang, Chen Li, Jinzhe Jiang, Xin Zhang, Yaqian Zhao and Weifeng Gong
- Abstract summary: We identify a significant factor that affects the robustness of models.
We propose a loss function to suppress the distribution diversity of softmax.
A large number of experiments have shown that our method can improve robustness without significant time consumption.
- Score: 11.166004203932351
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Recently, the robustness of deep learning models has received widespread
attention, and various methods for improving model robustness have been
proposed, including adversarial training, model architecture modification,
design of loss functions, certified defenses, and so on. However, the principle
of the robustness to attacks is still not fully understood, and the related
research is still not sufficient. Here, we have identified a significant factor
that affects the robustness of models: the distribution characteristics of
softmax values for non-real label samples. We found that the results after an
attack are highly correlated with the distribution characteristics, and thus we
proposed a loss function to suppress the distribution diversity of softmax. A
large number of experiments have shown that our method can improve robustness
without significant time consumption.
Related papers
- The Risk of Federated Learning to Skew Fine-Tuning Features and Underperform Out-of-Distribution Robustness [50.52507648690234]
Federated learning has the risk of skewing fine-tuning features and compromising the robustness of the model.
We introduce three robustness indicators and conduct experiments across diverse robust datasets.
Our approach markedly enhances the robustness across diverse scenarios, encompassing various parameter-efficient fine-tuning methods.
arXiv Detail & Related papers (2024-01-25T09:18:51Z)
- RobustMQ: Benchmarking Robustness of Quantized Models [54.15661421492865]
Quantization is an essential technique for deploying deep neural networks (DNNs) on devices with limited resources.
We thoroughly evaluated the robustness of quantized models against various noises (adversarial attacks, natural corruptions, and systematic noises) on ImageNet.
Our research contributes to advancing the robust quantization of models and their deployment in real-world scenarios.
arXiv Detail & Related papers (2023-08-04T14:37:12Z)
- On the Robustness of Removal-Based Feature Attributions [17.679374058425346]
We theoretically characterize the properties of robustness of removal-based feature attributions.
Specifically, we provide a unified analysis of such methods and derive upper bounds for the difference between intact and perturbed attributions.
Our results on synthetic and real-world data validate our theoretical results and demonstrate their practical implications.
arXiv Detail & Related papers (2023-06-12T23:33:13Z)
- Density-Softmax: Efficient Test-time Model for Uncertainty Estimation and Robustness under Distribution Shifts [8.431465371266391]
Density-Softmax is a sampling-free deterministic framework for uncertainty estimation.
We show that our model is the solution of minimax uncertainty risk.
Our method enjoys competitive results with state-of-the-art techniques in terms of uncertainty and robustness.
arXiv Detail & Related papers (2023-02-13T16:21:03Z)
- Fairness Increases Adversarial Vulnerability [50.90773979394264]
This paper shows the existence of a dichotomy between fairness and robustness, and analyzes when achieving fairness decreases the model robustness to adversarial samples.
Experiments on non-linear models and different architectures validate the theoretical findings in multiple vision domains.
The paper proposes a simple, yet effective, solution to construct models achieving good tradeoffs between fairness and robustness.
arXiv Detail & Related papers (2022-11-21T19:55:35Z)
- The Evolution of Out-of-Distribution Robustness Throughout Fine-Tuning [25.85044477227461]
Models that are more accurate on the out-of-distribution data relative to this baseline exhibit "effective robustness".
We find that models pre-trained on larger datasets exhibit effective robustness during training that vanishes at convergence.
We discuss several strategies for scaling effective robustness to the high-accuracy regime to improve the out-of-distribution accuracy of state-of-the-art models.
arXiv Detail & Related papers (2021-06-30T06:21:42Z)
- High-Robustness, Low-Transferability Fingerprinting of Neural Networks [78.2527498858308]
This paper proposes Characteristic Examples for effectively fingerprinting deep neural networks.
It features high-robustness to the base model against model pruning as well as low-transferability to unassociated models.
arXiv Detail & Related papers (2021-05-14T21:48:23Z)
- Voting based ensemble improves robustness of defensive models [82.70303474487105]
We study whether it is possible to create an ensemble to further improve robustness.
By ensembling several state-of-the-art pre-trained defense models, our method can achieve a 59.8% robust accuracy.
arXiv Detail & Related papers (2020-11-28T00:08:45Z)
- Uncertainty Estimation Using a Single Deep Deterministic Neural Network [66.26231423824089]
We propose a method for training a deterministic deep model that can find and reject out of distribution data points at test time with a single forward pass.
We scale training in these with a novel loss function and centroid updating scheme and match the accuracy of softmax models.
arXiv Detail & Related papers (2020-03-04T12:27:36Z)
- Revisiting Ensembles in an Adversarial Context: Improving Natural Accuracy [5.482532589225552]
There is still a significant gap in natural accuracy between robust and non-robust models.
We consider a number of ensemble methods designed to mitigate this performance difference.
We consider two schemes, one that combines predictions from several randomly robust models, and the other that fuses features from robust and standard models.
arXiv Detail & Related papers (2020-02-26T15:45:58Z)
This list is automatically generated from the titles and abstracts of the papers in this site.