Latent Feature Relation Consistency for Adversarial Robustness
- URL: http://arxiv.org/abs/2303.16697v1
- Date: Wed, 29 Mar 2023 13:50:01 GMT
- Title: Latent Feature Relation Consistency for Adversarial Robustness
- Authors: Xingbin Liu, Huafeng Kuang, Hong Liu, Xianming Lin, Yongjian Wu,
Rongrong Ji
- Abstract summary: Misclassification occurs when deep neural networks predict adversarial examples, which add human-imperceptible adversarial noise to natural examples.
We propose Latent Feature Relation Consistency (LFRC).
LFRC constrains the relation of adversarial examples in latent space to be consistent with the natural examples.
- Score: 80.24334635105829
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep neural networks have been applied in many computer vision tasks and
achieved state-of-the-art performance. However, misclassification occurs when a
DNN predicts adversarial examples, which add human-imperceptible adversarial
noise to natural examples. This limits the application of DNNs in
security-critical fields. To alleviate this problem, we first conducted an
empirical analysis of the latent features of both adversarial and natural
examples and found that the similarity matrix of natural examples is more
compact than that of adversarial examples. Motivated by this observation, we propose
\textbf{L}atent \textbf{F}eature \textbf{R}elation \textbf{C}onsistency
(\textbf{LFRC}), which constrains the relation of adversarial examples in
latent space to be consistent with the natural examples. Importantly, our LFRC
is orthogonal to previous methods and can be easily combined with them to
achieve further improvement. To demonstrate the effectiveness of LFRC, we
conduct extensive experiments using different neural networks on benchmark
datasets. For instance, LFRC can bring 0.78\% further improvement compared to
AT, and 1.09\% improvement compared to TRADES, against AutoAttack on CIFAR10.
Code is available at https://github.com/liuxingbin/LFRC.
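The core idea can be illustrated with a short sketch: compute a pairwise similarity matrix over the latent features of a batch for both natural and adversarial examples, then penalize the gap between the two relation matrices. The sketch below is written in PyTorch; the layer choice, the use of cosine similarity, the detached natural target, and the squared-error penalty are illustrative assumptions rather than the paper's exact formulation (see the official code linked above).

import torch
import torch.nn.functional as F

def similarity_matrix(features):
    # Pairwise cosine-similarity (relation) matrix over a batch of latent features.
    z = F.normalize(features, dim=1)   # (B, D) rows scaled to unit norm
    return z @ z.t()                   # (B, B) relation matrix

def lfrc_loss(nat_features, adv_features):
    # Constrain adversarial relations to stay consistent with natural relations.
    rel_nat = similarity_matrix(nat_features).detach()  # natural relations as the target (assumption)
    rel_adv = similarity_matrix(adv_features)
    return F.mse_loss(rel_adv, rel_nat)

# Usage: add the term to a standard adversarial-training objective, e.g.
#   loss = F.cross_entropy(model(x_adv), y) + lam * lfrc_loss(feat_nat, feat_adv)
# where feat_nat / feat_adv come from the same intermediate layer of the network.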
Related papers
- Evaluating Model Robustness Using Adaptive Sparse L0 Regularization [5.772716337390152]
Adversarial examples challenge existing defenses by altering a minimal subset of features.
Current L0-norm attack methodologies face a trade-off between accuracy and efficiency.
This paper proposes a novel, scalable, and effective approach to generate adversarial examples based on the L0 norm.
arXiv Detail & Related papers (2024-08-28T11:02:23Z) - Improving Adversarial Training using Vulnerability-Aware Perturbation
Budget [7.430861908931903]
Adversarial Training (AT) effectively improves the robustness of Deep Neural Networks (DNNs) to adversarial attacks.
We propose two simple, computationally cheap vulnerability-aware reweighting functions for assigning perturbation bounds to adversarial examples used for AT.
Experimental results show that the proposed methods yield genuine improvements in the robustness of AT algorithms against various adversarial attacks.
arXiv Detail & Related papers (2024-03-06T21:50:52Z) - Robustness Against Adversarial Attacks via Learning Confined Adversarial
Polytopes [0.0]
Deep neural networks (DNNs) can be deceived by human-imperceptible perturbations of clean samples.
In this paper, we aim to train robust DNNs by limiting the set of outputs reachable via a norm-bounded perturbation added to a clean sample.
arXiv Detail & Related papers (2024-01-15T22:31:15Z) - Noisy Correspondence Learning with Self-Reinforcing Errors Mitigation [63.180725016463974]
Cross-modal retrieval relies on well-matched large-scale datasets that are laborious to collect in practice.
We introduce a novel noisy correspondence learning framework, namely Self-Reinforcing Errors Mitigation (SREM).
arXiv Detail & Related papers (2023-12-27T09:03:43Z) - Enhancing Robust Representation in Adversarial Training: Alignment and
Exclusion Criteria [61.048842737581865]
We show that Adversarial Training (AT) fails to learn robust features, resulting in poor adversarial robustness.
We propose a generic AT framework that gains robust representations via asymmetric negative contrast and reverse attention.
Empirical evaluations on three benchmark datasets show our methods greatly advance the robustness of AT and achieve state-of-the-art performance.
arXiv Detail & Related papers (2023-10-05T07:29:29Z) - Hessian-Free Second-Order Adversarial Examples for Adversarial Learning [6.835470949075655]
Adversarial learning with elaborately designed adversarial examples is one of the most effective methods to defend against adversarial attacks.
Most existing adversarial example generation methods are based on first-order gradients, which can hardly further improve model robustness.
We propose an approximation method that transforms the problem into an optimization in the Krylov subspace, which remarkably reduces the computational complexity and speeds up the training procedure.
arXiv Detail & Related papers (2022-07-04T13:29:27Z) - Latent Boundary-guided Adversarial Training [61.43040235982727]
Adversarial training has proven to be the most effective strategy that injects adversarial examples into model training.
We propose a novel adversarial training framework called LAtent bounDary-guided aDvErsarial tRaining.
arXiv Detail & Related papers (2022-06-08T07:40:55Z) - On the Convergence and Robustness of Adversarial Training [134.25999006326916]
Adversarial training with Projected Gradient Descent (PGD) is amongst the most effective.
We propose a dynamic training strategy to increase the convergence quality of the generated adversarial examples.
Our theoretical and empirical results show the effectiveness of the proposed method.
arXiv Detail & Related papers (2021-12-15T17:54:08Z) - Explaining and Improving Model Behavior with k Nearest Neighbor
Representations [107.24850861390196]
We propose using k nearest neighbor representations to identify training examples responsible for a model's predictions.
We show that kNN representations are effective at uncovering learned spurious associations.
Our results indicate that the kNN approach makes the finetuned model more robust to adversarial inputs.
arXiv Detail & Related papers (2020-10-18T16:55:25Z)
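Several of the entries above build on adversarial training, whose inner step is typically an L-infinity PGD attack. A minimal PGD sketch in PyTorch follows, assuming a generic classifier and inputs in [0, 1]; the epsilon, step size, and iteration count are illustrative defaults, not values taken from any of the papers listed.

import torch
import torch.nn.functional as F

def pgd_attack(model, x, y, eps=8/255, alpha=2/255, steps=10):
    # Projected Gradient Descent within an L-infinity ball of radius eps around x.
    x_adv = (x + torch.empty_like(x).uniform_(-eps, eps)).clamp(0.0, 1.0)  # random start
    for _ in range(steps):
        x_adv = x_adv.detach().requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad = torch.autograd.grad(loss, x_adv)[0]
        with torch.no_grad():
            x_adv = x_adv + alpha * grad.sign()                    # ascend the loss
            x_adv = torch.min(torch.max(x_adv, x - eps), x + eps)  # project back into the eps-ball
            x_adv = x_adv.clamp(0.0, 1.0)                          # keep a valid pixel range
    return x_adv.detach()

# Adversarial training then minimizes the loss on pgd_attack(model, x, y) instead of on x.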
This list is automatically generated from the titles and abstracts of the papers on this site.