DataFreeShield: Defending Adversarial Attacks without Training Data

• URL: http://arxiv.org/abs/2406.15635v1
• Date: Fri, 21 Jun 2024 20:24:03 GMT
• Title: DataFreeShield: Defending Adversarial Attacks without Training Data
• Authors: Hyeyoon Lee, Kanghyun Choi, Dain Kwon, Sunjong Park, Mayoore Selvarasa Jaiswal, Noseong Park, Jonghyun Choi, Jinho Lee,
• Abstract summary: We investigate the problem of data-free adversarial robustness, where we try to achieve robustness without accessing real data. We propose DataFreeShield, which tackles the problem from two perspectives: surrogate dataset generation and adversarial training. We show that DataFreeShield outperforms baselines, demonstrating that the proposed method sets the first entirely data-free solution for the adversarial robustness problem.
• Score: 32.29186953320468
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Recent advances in adversarial robustness rely on an abundant set of training data, where using external or additional datasets has become a common setting. However, in real life, the training data is often kept private for security and privacy issues, while only the pretrained weight is available to the public. In such scenarios, existing methods that assume accessibility to the original data become inapplicable. Thus we investigate the pivotal problem of data-free adversarial robustness, where we try to achieve adversarial robustness without accessing any real data. Through a preliminary study, we highlight the severity of the problem by showing that robustness without the original dataset is difficult to achieve, even with similar domain datasets. To address this issue, we propose DataFreeShield, which tackles the problem from two perspectives: surrogate dataset generation and adversarial training using the generated data. Through extensive validation, we show that DataFreeShield outperforms baselines, demonstrating that the proposed method sets the first entirely data-free solution for the adversarial robustness problem.

Related papers

• Towards Generalizable Data Protection With Transferable Unlearnable Examples [50.628011208660645]
  We present a novel, generalizable data protection method by generating transferable unlearnable examples. To the best of our knowledge, this is the first solution that examines data privacy from the perspective of data distribution.
  arXiv  Detail & Related papers  (2023-05-18T04:17:01Z)
• Stop Uploading Test Data in Plain Text: Practical Strategies for Mitigating Data Contamination by Evaluation Benchmarks [70.39633252935445]
  Data contamination has become prevalent and challenging with the rise of models pretrained on large automatically-crawled corpora. For closed models, the training data becomes a trade secret, and even for open models, it is not trivial to detect contamination. We propose three strategies that can make a difference: (1) Test data made public should be encrypted with a public key and licensed to disallow derivative distribution; (2) demand training exclusion controls from closed API holders, and protect your test data by refusing to evaluate without them; and (3) avoid data which appears with its solution on the internet, and release the web-page context of internet-derived
  arXiv  Detail & Related papers  (2023-05-17T12:23:38Z)
• Towards Robust Dataset Learning [90.2590325441068]
  We propose a principled, tri-level optimization to formulate the robust dataset learning problem. Under an abstraction model that characterizes robust vs. non-robust features, the proposed method provably learns a robust dataset.
  arXiv  Detail & Related papers  (2022-11-19T17:06:10Z)
• Private Set Generation with Discriminative Information [63.851085173614]
  Differentially private data generation is a promising solution to the data privacy challenge. Existing private generative models are struggling with the utility of synthetic samples. We introduce a simple yet effective method that greatly improves the sample utility of state-of-the-art approaches.
  arXiv  Detail & Related papers  (2022-11-07T10:02:55Z)
• Transferable Unlearnable Examples [63.64357484690254]
  Un unlearnable strategies have been introduced to prevent third parties from training on the data without permission. They add perturbations to the users' data before publishing, which aims to make the models trained on the published dataset invalidated. We propose a novel unlearnable strategy based on Classwise Separability Discriminant (CSD), which aims to better transfer the unlearnable effects to other training settings and datasets.
  arXiv  Detail & Related papers  (2022-10-18T19:23:52Z)
• Data Profiling for Adversarial Training: On the Ruin of Problematic Data [27.11328449349065]
  Problems in adversarial training include robustness-accuracy trade-off, robust overfitting, and gradient masking. We show that these problems share one common cause -- low quality samples in the dataset. We find that when problematic data is removed, robust overfitting and gradient masking can be largely alleviated.
  arXiv  Detail & Related papers  (2021-02-15T10:17:24Z)
• Data-driven Regularized Inference Privacy [33.71757542373714]
  We propose a data-driven inference privacy preserving framework to sanitize data. We develop an inference privacy framework based on the variational method. We present empirical methods to estimate the privacy metric.
  arXiv  Detail & Related papers  (2020-10-10T08:42:59Z)
• SPEED: Secure, PrivatE, and Efficient Deep learning [2.283665431721732]
  We introduce a deep learning framework able to deal with strong privacy constraints. Based on collaborative learning, differential privacy and homomorphic encryption, the proposed approach advances state-of-the-art.
  arXiv  Detail & Related papers  (2020-06-16T19:31:52Z)
• PrivGen: Preserving Privacy of Sequences Through Data Generation [14.579475552088688]
  Sequential data can serve as a basis for research that will lead to improved processes. Access and use of such data is usually limited or not permitted at all due to concerns about violating user privacy. We propose PrivGen, an innovative method for generating data that maintains patterns and characteristics of the source data.
  arXiv  Detail & Related papers  (2020-02-23T05:43:15Z)
• DeGAN : Data-Enriching GAN for Retrieving Representative Samples from a Trained Classifier [58.979104709647295]
  We bridge the gap between the abundance of available data and lack of relevant data, for the future learning tasks of a trained network. We use the available data, that may be an imbalanced subset of the original training dataset, or a related domain dataset, to retrieve representative samples. We demonstrate that data from a related domain can be leveraged to achieve state-of-the-art performance.
  arXiv  Detail & Related papers  (2019-12-27T02:05:45Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.