GREAT Score: Global Robustness Evaluation of Adversarial Perturbation using Generative Models
- URL: http://arxiv.org/abs/2304.09875v2
- Date: Wed, 3 May 2023 01:04:52 GMT
- Title: GREAT Score: Global Robustness Evaluation of Adversarial Perturbation using Generative Models
- Authors: Zaitang Li, Pin-Yu Chen and Tsung-Yi Ho
- Abstract summary: We present a new framework, called GREAT Score, for global robustness evaluation of adversarial perturbation using generative models.
We show high correlation and significantly reduced cost of GREAT Score when compared to the attack-based model ranking on RobustBench.
GREAT Score can be used for remote auditing of privacy-sensitive black-box models.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Current studies on adversarial robustness mainly focus on aggregating local
robustness results from a set of data samples to evaluate and rank different
models. However, these local statistics may not represent the true global
robustness of the underlying unknown data distribution. To address this
challenge, this paper makes the first attempt to present a new framework,
called GREAT Score, for global robustness evaluation of adversarial
perturbation using generative models. Formally, GREAT Score carries the
physical meaning of a global statistic capturing the mean certified attack-proof
perturbation level over all samples drawn from a generative model. For
finite-sample evaluation, we also derive a probabilistic guarantee on the
sample complexity and on the difference between the sample mean and the true mean.
GREAT Score has several advantages: (1) Robustness evaluations using GREAT
Score are efficient and scalable to large models, because no adversarial
attacks need to be run. In particular, we show high correlation and
significantly reduced computation cost of GREAT Score when compared to the
attack-based model ranking on RobustBench (Croce et al., 2021). (2) The use of
generative models facilitates the approximation of the unknown data
distribution. In our ablation study with different generative adversarial
networks (GANs), we observe consistency between global robustness evaluation
and the quality of the GANs. (3) GREAT Score can be used for remote auditing of
privacy-sensitive black-box models, as demonstrated by our robustness
evaluation on several online facial recognition services.
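The abstract describes the estimator at a high level: draw samples from a generative model, compute a certified attack-proof perturbation level for each, average them, and bound the gap between that sample mean and the true mean. The block below is an added illustration of that structure, not code from the paper or its authors. It assumes a deliberately simplified setting: a 2-D linear classifier, for which the exact L2 distance to the decision boundary is a valid certified radius (so no attack is run), a constructed two-class Gaussian mixture standing in for the GAN, and a Hoeffding-style bound for the sample size. The paper's own certificate and its guarantee are not reproduced here; the names W, B, R_MAX, generator, certified_radius, great_score_estimate and samples_needed are all assumptions of this example.

```python
import math
import random

# Assumed 2-D linear classifier sign(W.x + B); class 1 if positive, else 0.
W = (1.0, -1.0)
B = 0.0
# Radii are clipped to [0, R_MAX] so that Hoeffding's inequality applies
# (a bounded random variable is required for the finite-sample bound).
R_MAX = 3.0


def generator(n, seed=0):
    """Constructed stand-in for a generative model: n (x, label) pairs from a
    two-class Gaussian mixture, class 1 around (2, 0) and class 0 around (0, 2)."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        y = rng.randrange(2)
        mu = (2.0, 0.0) if y == 1 else (0.0, 2.0)
        x = (rng.gauss(mu[0], 1.0), rng.gauss(mu[1], 1.0))
        samples.append((x, y))
    return samples


def predict(x):
    return 1 if W[0] * x[0] + W[1] * x[1] + B > 0 else 0


def certified_radius(x, y):
    """Certified attack-proof L2 radius for one sample.

    For a linear classifier the exact distance |W.x + B| / ||W|| to the
    decision boundary is a certificate: no L2 perturbation smaller than it
    can flip the prediction. A sample that is already misclassified has no
    attack-proof region and contributes 0."""
    if predict(x) != y:
        return 0.0
    margin = abs(W[0] * x[0] + W[1] * x[1] + B)
    return min(margin / math.hypot(*W), R_MAX)


def great_score_estimate(n, seed=0):
    """Global statistic: mean certified radius over n generated samples."""
    radii = [certified_radius(x, y) for x, y in generator(n, seed)]
    return sum(radii) / len(radii)


def samples_needed(eps, delta, r_max=R_MAX):
    """Hoeffding bound for radii in [0, r_max]: with
    n >= r_max^2 * ln(2/delta) / (2 * eps^2) samples, the sample mean is
    within eps of the true mean with probability at least 1 - delta."""
    return math.ceil(r_max ** 2 * math.log(2.0 / delta) / (2.0 * eps ** 2))


if __name__ == "__main__":
    n = samples_needed(eps=0.1, delta=0.05)
    print(f"samples for eps=0.1, delta=0.05: {n}")
    print(f"estimated global robustness: {great_score_estimate(n):.3f}")
```

Two properties of the estimator worth noting: the per-sample certificate is what removes the attack step, so swapping in a real classifier means swapping in a real certificate (the paper uses one derived for its setting); and the sample-size bound scales with the square of the clipping range, so the choice of R_MAX directly trades tightness of the guarantee against how many generated samples are needed.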
Related papers
- Benchmarking Zero-Shot Robustness of Multimodal Foundation Models: A Pilot Study (2024-03-15)
Multimodal foundation models, such as CLIP, produce state-of-the-art zero-shot results.
It is reported that these models close the robustness gap by matching the performance of supervised models trained on ImageNet.
We show that CLIP leads to a significant robustness drop compared to supervised ImageNet models on our benchmark.
- Characterizing Data Point Vulnerability via Average-Case Robustness (2023-07-26)
Adversarial robustness is a standard framework, which views robustness of predictions through a binary lens.
We consider a complementary framework for robustness, called average-case robustness, which measures the fraction of points in a local region.
We show empirically that our estimators are accurate and efficient for standard deep learning models.
- From Adversarial Arms Race to Model-centric Evaluation: Motivating a Unified Automatic Robustness Evaluation Framework (2023-05-29)
Textual adversarial attacks can discover models' weaknesses by adding semantic-preserving but misleading perturbations to the inputs.
The existing practice of robustness evaluation may exhibit issues of incomprehensive evaluation, impractical evaluation protocol, and invalid adversarial samples.
We set up a unified automatic robustness evaluation framework, shifting towards model-centric evaluation to exploit the advantages of adversarial attacks.
- Preserving Knowledge Invariance: Rethinking Robustness Evaluation of Open Information Extraction (2023-05-23)
We present the first benchmark that simulates the evaluation of open information extraction models in the real world.
We design and annotate a large-scale testbed in which each example is a knowledge-invariant clique.
By further elaborating the robustness metric, a model is judged to be robust if its performance is consistently accurate on the overall cliques.
- Revisiting the Evaluation of Image Synthesis with GANs (2023-04-04)
This study presents an empirical investigation into the evaluation of synthesis performance, with generative adversarial networks (GANs) as a representative of generative models.
In particular, we make in-depth analyses of various factors, including how to represent a data point in the representation space, how to calculate a fair distance using selected samples, and how many instances to use from each set.
- FedRAD: Federated Robust Adaptive Distillation (2021-12-02)
Collaborative learning frameworks that aggregate model updates are vulnerable to model poisoning attacks from adversarial clients.
We propose a novel robust aggregation method, Federated Robust Adaptive Distillation (FedRAD), to detect adversaries and robustly aggregate local models.
The results show that FedRAD outperforms all other aggregators in the presence of adversaries, as well as in heterogeneous data distributions.
- A Comprehensive Evaluation Framework for Deep Model Robustness (2021-01-24)
Deep neural networks (DNNs) have achieved remarkable performance across a wide area of applications.
They are vulnerable to adversarial examples, which motivates the adversarial defense.
This paper presents a model evaluation framework containing a comprehensive, rigorous, and coherent set of evaluation metrics.
- On the Evaluation of Generative Adversarial Networks By Discriminative Models (2020-10-07)
Generative Adversarial Networks (GANs) can accurately model complex multi-dimensional data and generate realistic samples.
The majority of research efforts associated with tackling this issue were validated by qualitative visual evaluation.
In this work, we leverage Siamese neural networks to propose a domain-agnostic evaluation metric.
- From Sound Representation to Model Robustness (2020-07-27)
We investigate the impact of different standard environmental sound representations (spectrograms) on the recognition performance and adversarial attack robustness of a victim residual convolutional neural network.
Averaged over various experiments on three environmental sound datasets, we found the ResNet-18 model outperforms other deep learning architectures.
This list is automatically generated from the titles and abstracts of the papers in this site.