Adversarial robustness via attention transfer

Authors

Abstract

Deep neural networks are known to be vulnerable to adversarial attacks. The empirical analysis in our study suggests that attacks tend to induce diverse network architectures to shift their attention to irrelevant regions. Motivated by this observation, we propose a regularization technique which enforces the attentions to be well aligned via a knowledge transfer mechanism, thereby encouraging robustness. The resultant model exhibits unprecedented robustness, securing 63.81% accuracy where the prior art is 51.59% on the CIFAR-10 dataset under PGD attack. In addition, we go beyond performance to analytically investigate the proposed method as an effective defense. A significantly flattened loss landscape can be observed, demonstrating the promise of the method for improving robustness and thus deployment in security-sensitive settings.

Related references

Deep Adversarial Robustness

Deep learning has recently contributed to learning state-of-the-art representations in service of various image recognition tasks. Deep learning uses cascades of many layers of nonlinear processing units for feature extraction and transformation. Recently, researchers have shown that deep learning architectures are particularly vulnerable to adversarial examples, inputs to machine learning mode...

Adversarial Robustness: Softmax versus Openmax

Deep neural networks (DNNs) provide state-of-the-art results on various tasks and are widely used in real world applications. However, it was discovered that machine learning models, including the best performing DNNs, suffer from a fundamental problem: they can unexpectedly and confidently misclassify examples formed by slightly perturbing otherwise correctly recognized inputs. Various approac...

Facial Attributes: Accuracy and Adversarial Robustness

Facial attributes, emerging soft biometrics, must be automatically and reliably extracted from images in order to be usable in stand-alone systems. While recent methods extract facial attributes using deep neural networks (DNNs) trained on labeled facial attribute data, the robustness of deep attribute representations has not been evaluated. In this paper, we examine the representational stabil...

Parseval Networks: Improving Robustness to Adversarial Examples

We introduce Parseval networks, a form of deep neural networks in which the Lipschitz constant of linear, convolutional and aggregation layers is constrained to be smaller than 1. Parseval networks are empirically and theoretically motivated by an analysis of the robustness of the predictions made by deep neural networks when their input is subject to an adversarial perturbation. The most impor...

Certifiable Distributional Robustness with Principled Adversarial Training

Neural networks are vulnerable to adversarial examples and researchers have proposed many heuristic attack and defense mechanisms. We take the principled view of distributionally robust optimization, which guarantees performance under adversarial input perturbations. By considering a Lagrangian penalty formulation of perturbation of the underlying data distribution in a Wasserst...

Journal

Journal title: Pattern Recognition Letters

Year: 2021

ISSN: 1872-7344, 0167-8655

DOI: https://doi.org/10.1016/j.patrec.2021.03.011