Enhancing Multiple Reliability Measures via Nuisance-extended
Information Bottleneck
- URL: http://arxiv.org/abs/2303.14096v1
- Date: Fri, 24 Mar 2023 16:03:21 GMT
- Title: Enhancing Multiple Reliability Measures via Nuisance-extended
Information Bottleneck
- Authors: Jongheon Jeong, Sihyun Yu, Hankook Lee, Jinwoo Shin
- Abstract summary: In practical scenarios where training data is limited, many predictive signals in the data can come from biases in data acquisition rather than from generalizable structure.
We consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training.
We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training.
- Score: 77.37409441129995
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In practical scenarios where training data is limited, many predictive
signals in the data can come from biases in data acquisition (i.e., they are
less generalizable), so one cannot prevent a model from co-adapting to such
so-called "shortcut" signals: this makes the model fragile under various
distribution shifts. To bypass such failure modes, we consider an adversarial
threat model under a mutual information constraint to cover a wider class of
perturbations in training. This motivates us to extend the standard information
bottleneck to additionally model the nuisance information. We propose an
autoencoder-based training to implement the objective, as well as practical
encoder designs to facilitate the proposed hybrid discriminative-generative
training concerning both convolutional- and Transformer-based architectures.
Our experimental results show that the proposed scheme improves the robustness of
learned representations (remarkably without using any domain-specific
knowledge), with respect to multiple challenging reliability measures. For
example, our model could advance the state-of-the-art on a recent challenging
OBJECTS benchmark in novelty detection by $78.4\% \rightarrow 87.2\%$ in AUROC,
while simultaneously enjoying improved corruption, background and (certified)
adversarial robustness. Code is available at
https://github.com/jh-jeong/nuisance_ib.
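For reference, the standard information bottleneck trains an encoder to
maximize $I(Z;Y) - \beta I(Z;X)$; the abstract proposes to additionally model
the nuisance information that such an objective would otherwise discard, by
pairing the discriminative objective with a reconstruction (autoencoding)
objective. Below is a minimal, hypothetical PyTorch sketch of one such hybrid
discriminative-generative training step, written only from the abstract: the
encoder splits its output into a task representation z and a nuisance
representation z_n, a classifier uses z alone, and a decoder reconstructs the
input from (z, z_n). All names, architectures, and loss weights here are
illustrative assumptions rather than the paper's implementation (see the
linked repository for the actual code).

    # Hypothetical sketch of a hybrid discriminative-generative training step,
    # in the spirit of the abstract: z is the task (bottleneck) representation,
    # z_n the nuisance representation; z alone is used for classification,
    # while (z, z_n) jointly reconstructs the input. Not the paper's code.
    import torch
    import torch.nn as nn
    import torch.nn.functional as F

    class NuisanceAE(nn.Module):
        def __init__(self, in_dim=784, z_dim=64, zn_dim=64, num_classes=10):
            super().__init__()
            self.z_dim = z_dim
            self.encoder = nn.Sequential(nn.Linear(in_dim, 256), nn.ReLU(),
                                         nn.Linear(256, z_dim + zn_dim))
            # discriminative head on the task representation only
            self.classifier = nn.Linear(z_dim, num_classes)
            # generative head on the concatenated (task, nuisance) representation
            self.decoder = nn.Sequential(nn.Linear(z_dim + zn_dim, 256), nn.ReLU(),
                                         nn.Linear(256, in_dim))

        def forward(self, x):
            h = self.encoder(x)
            z, z_n = h[:, :self.z_dim], h[:, self.z_dim:]
            return self.classifier(z), self.decoder(torch.cat([z, z_n], dim=1))

    def training_step(model, x, y, recon_weight=1.0):
        logits, x_hat = model(x)
        loss_cls = F.cross_entropy(logits, y)   # predictive (bottleneck) term
        loss_rec = F.mse_loss(x_hat, x)         # nuisance / reconstruction term
        return loss_cls + recon_weight * loss_rec

Splitting the latent in this way mirrors the abstract's idea of modeling
nuisance information explicitly instead of discarding it: the predictive term
pressures z to keep only label-relevant signal, while z_n absorbs whatever
else is needed to reconstruct the input.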
Related papers
- MOREL: Enhancing Adversarial Robustness through Multi-Objective Representation Learning [1.534667887016089]
Deep neural networks (DNNs) are vulnerable to slight adversarial perturbations.
We show that strong feature representation learning during training can significantly enhance the original model's robustness.
We propose MOREL, a multi-objective feature representation learning approach, encouraging classification models to produce similar features for inputs within the same class, despite perturbations.
arXiv Detail & Related papers (2024-10-02T16:05:03Z)
- Adversarial Robustification via Text-to-Image Diffusion Models [56.37291240867549]
Adversarial robustness has conventionally been believed to be a challenging property to encode into neural networks.
We develop a scalable and model-agnostic solution to achieve adversarial robustness without using any data.
arXiv Detail & Related papers (2024-07-26T10:49:14Z)
- Effective and Robust Adversarial Training against Data and Label Corruptions [35.53386268796071]
Corruptions due to data perturbations and label noise are prevalent in datasets from unreliable sources.
We develop an Effective and Robust Adversarial Training framework to simultaneously handle both types of corruption.
arXiv Detail & Related papers (2024-05-07T10:53:20Z)
- Segue: Side-information Guided Generative Unlearnable Examples for Facial Privacy Protection in Real World [64.4289385463226]
We propose Segue: Side-information guided generative unlearnable examples.
To improve transferability, we introduce side information such as true labels and pseudo labels.
It can resist JPEG compression, adversarial training, and some standard data augmentations.
arXiv Detail & Related papers (2023-10-24T06:22:37Z)
- Learning to Generate Training Datasets for Robust Semantic Segmentation [37.9308918593436]
We propose a novel approach to improve the robustness of semantic segmentation techniques.
We design Robusta, a novel conditional generative adversarial network to generate realistic and plausible perturbed images.
Our results suggest that this approach could be valuable in safety-critical applications.
arXiv Detail & Related papers (2023-08-01T10:02:26Z)
- RelaxLoss: Defending Membership Inference Attacks without Losing Utility [68.48117818874155]
We propose a novel training framework based on a relaxed loss with a more achievable learning target.
RelaxLoss is applicable to any classification model with added benefits of easy implementation and negligible overhead.
Our approach consistently outperforms state-of-the-art defense mechanisms in terms of resilience against MIAs.
arXiv Detail & Related papers (2022-07-12T19:34:47Z)
- Stylized Adversarial Defense [105.88250594033053]
Adversarial training creates perturbation patterns and includes them in the training set to robustify the model.
We propose to exploit additional information from the feature space to craft stronger adversaries.
Our adversarial training approach demonstrates strong robustness compared to state-of-the-art defenses.
arXiv Detail & Related papers (2020-07-29T08:38:10Z)
- Learning Diverse Representations for Fast Adaptation to Distribution Shift [78.83747601814669]
We present a method for learning multiple models, incorporating an objective that pressures each to learn a distinct way to solve the task.
We demonstrate our framework's ability to facilitate rapid adaptation to distribution shift.
arXiv Detail & Related papers (2020-06-12T12:23:50Z)