Related papers: HALO: Robust Out-of-Distribution Detection via Joint Optimisation

HALO: Robust Out-of-Distribution Detection via Joint Optimisation

URL: http://arxiv.org/abs/2502.19755v1
Date: Thu, 27 Feb 2025 04:40:18 GMT
Title: HALO: Robust Out-of-Distribution Detection via Joint Optimisation
Authors: Hugo Lyons Keenan, Sarah Erfani, Christopher Leckie,
Abstract summary: Effective out-of-distribution (OOD) detection is crucial for the safe deployment of machine learning models in real-world scenarios.<n>Recent work has shown that OOD detection methods are vulnerable to adversarial attacks, potentially leading to critical failures in high-stakes applications.<n>We introduce an additional loss term which boosts classification and detection performance.<n>Our approach, called HALO, surpasses existing methods and achieves state-of-the-art performance across a number of datasets and attack settings.
Score: 11.107924895663173
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Effective out-of-distribution (OOD) detection is crucial for the safe deployment of machine learning models in real-world scenarios. However, recent work has shown that OOD detection methods are vulnerable to adversarial attacks, potentially leading to critical failures in high-stakes applications. This discovery has motivated work on robust OOD detection methods that are capable of maintaining performance under various attack settings. Prior approaches have made progress on this problem but face a number of limitations: often only exhibiting robustness to attacks on OOD data or failing to maintain strong clean performance. In this work, we adapt an existing robust classification framework, TRADES, extending it to the problem of robust OOD detection and discovering a novel objective function. Recognising the critical importance of a strong clean/robust trade-off for OOD detection, we introduce an additional loss term which boosts classification and detection performance. Our approach, called HALO (Helper-based AdversariaL OOD detection), surpasses existing methods and achieves state-of-the-art performance across a number of datasets and attack settings. Extensive experiments demonstrate an average AUROC improvement of 3.15 in clean settings and 7.07 under adversarial attacks when compared to the next best method. Furthermore, HALO exhibits resistance to transferred attacks, offers tuneable performance through hyperparameter selection, and is compatible with existing OOD detection frameworks out-of-the-box, leaving open the possibility of future performance gains. Code is available at: https://github.com/hugo0076/HALO

Related papers

Enhancing Out-of-Distribution Detection with Extended Logit Normalization [8.243349010573242]
Out-of-distribution (OOD) detection is essential for the safe deployment of machine learning models. Recent advances have explored improved classification losses and representation learning strategies to enhance OOD detection. These methods are often tailored to specific post-hoc detection techniques, limiting their generalizability.
arXiv Detail & Related papers (2025-04-15T17:51:35Z)
Out-of-Distribution Detection using Synthetic Data Generation [21.612592503592143]
In- and out-of-distribution (OOD) inputs are crucial for reliable deployment of classification systems. We present a method that harnesses the generative capabilities of Large Language Models (LLMs) to create high-quality synthetic OOD proxies.
arXiv Detail & Related papers (2025-02-05T16:22:09Z)
The Best of Both Worlds: On the Dilemma of Out-of-distribution Detection [75.65876949930258]
Out-of-distribution (OOD) detection is essential for model trustworthiness. We show that the superior OOD detection performance of state-of-the-art methods is achieved by secretly sacrificing the OOD generalization ability.
arXiv Detail & Related papers (2024-10-12T07:02:04Z)
Skeleton-OOD: An End-to-End Skeleton-Based Model for Robust Out-of-Distribution Human Action Detection [17.85872085904999]
We propose a novel end-to-end skeleton-based model called Skeleton-OOD.<n>Skeleton-OOD is committed to improving the effectiveness of OOD tasks while ensuring the accuracy of ID recognition.<n>Our findings underscore the effectiveness of classic OOD detection techniques in the context of skeleton-based action recognition tasks.
arXiv Detail & Related papers (2024-05-31T05:49:37Z)
AUTO: Adaptive Outlier Optimization for Online Test-Time OOD Detection [81.49353397201887]
Out-of-distribution (OOD) detection is crucial to deploying machine learning models in open-world applications. We introduce a novel paradigm called test-time OOD detection, which utilizes unlabeled online data directly at test time to improve OOD detection performance. We propose adaptive outlier optimization (AUTO), which consists of an in-out-aware filter, an ID memory bank, and a semantically-consistent objective.
arXiv Detail & Related papers (2023-03-22T02:28:54Z)
Free Lunch for Generating Effective Outlier Supervision [46.37464572099351]
We propose an ultra-effective method to generate near-realistic outlier supervision. Our proposed textttBayesAug significantly reduces the false positive rate over 12.50% compared with the previous schemes.
arXiv Detail & Related papers (2023-01-17T01:46:45Z)
Rainproof: An Umbrella To Shield Text Generators From Out-Of-Distribution Data [41.62897997865578]
Key ingredient to ensure safe system behaviour is Out-Of-Distribution detection. Most methods rely on hidden features output by the encoder. In this work, we focus on leveraging soft-probabilities in a black-box framework.
arXiv Detail & Related papers (2022-12-18T21:22:28Z)
Diffusion Denoising Process for Perceptron Bias in Out-of-distribution Detection [67.49587673594276]
We introduce a new perceptron bias assumption that suggests discriminator models are more sensitive to certain features of the input, leading to the overconfidence problem. We demonstrate that the diffusion denoising process (DDP) of DMs serves as a novel form of asymmetric, which is well-suited to enhance the input and mitigate the overconfidence problem. Our experiments on CIFAR10, CIFAR100, and ImageNet show that our method outperforms SOTA approaches.
arXiv Detail & Related papers (2022-11-21T08:45:08Z)
How to Exploit Hyperspherical Embeddings for Out-of-Distribution Detection? [22.519572587827213]
CIDER is a representation learning framework that exploits hyperspherical embeddings for OOD detection. CIDER establishes superior performance, outperforming the latest rival by 19.36% in FPR95.
arXiv Detail & Related papers (2022-03-08T23:44:01Z)
Provably Robust Detection of Out-of-distribution Data (almost) for free [124.14121487542613]
Deep neural networks are known to produce highly overconfident predictions on out-of-distribution (OOD) data. In this paper we propose a novel method where from first principles we combine a certifiable OOD detector with a standard classifier into an OOD aware classifier. In this way we achieve the best of two worlds: certifiably adversarially robust OOD detection, even for OOD samples close to the in-distribution, without loss in prediction accuracy and close to state-of-the-art OOD detection performance for non-manipulated OOD data.
arXiv Detail & Related papers (2021-06-08T11:40:49Z)
ATOM: Robustifying Out-of-distribution Detection Using Outlier Mining [51.19164318924997]
Adrial Training with informative Outlier Mining improves robustness of OOD detection. ATOM achieves state-of-the-art performance under a broad family of classic and adversarial OOD evaluation tasks.
arXiv Detail & Related papers (2020-06-26T20:58:05Z)
Robust Out-of-distribution Detection for Neural Networks [51.19164318924997]
We show that existing detection mechanisms can be extremely brittle when evaluating on in-distribution and OOD inputs. We propose an effective algorithm called ALOE, which performs robust training by exposing the model to both adversarially crafted inlier and outlier examples.
arXiv Detail & Related papers (2020-03-21T17:46:28Z)

This list is automatically generated from the titles and abstracts of the papers in this site.