Consistency Regularization for Adversarial Robustness

Authors

Abstract

Adversarial training (AT) is currently one of the most successful methods to obtain the adversarial robustness of deep neural networks. However, the phenomenon of robust overfitting, i.e., the robustness starts to decrease significantly during AT, has been problematic, not only making practitioners consider a bag of tricks for a successful training, e.g., early stopping, but also incurring a significant generalization gap in the robustness. In this paper, we propose an effective regularization technique that prevents robust overfitting by optimizing an auxiliary 'consistency' loss during AT. Specifically, we discover that data augmentation is a quite powerful tool to mitigate the overfitting, and develop a regularization that forces the predictive distributions after attacking from two different augmentations of the same instance to be similar with each other. Our experimental results demonstrate that such a simple regularization brings significant improvements in the robust test accuracy of a wide range of AT methods. More remarkably, we show that our method could help the model generalize its robustness against unseen adversaries, e.g., other types or larger perturbations compared to those used during training. Code is available at https://github.com/alinlab/consistency-adversarial.
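The core idea in the abstract, penalizing disagreement between the predictive distributions of two adversarially attacked augmentations of the same input, can be sketched with a simple divergence term. The snippet below is a minimal illustration, not the paper's exact loss: it uses a Jensen-Shannon (symmetrized KL) divergence between two softmax outputs as the consistency penalty, with plain Python lists standing in for model logits.

```python
import math

def softmax(logits):
    """Convert raw logits to a probability distribution (numerically stable)."""
    m = max(logits)
    exps = [math.exp(x - m) for x in logits]
    total = sum(exps)
    return [e / total for e in exps]

def kl(p, q, eps=1e-12):
    """KL divergence KL(p || q) with a small epsilon for stability."""
    return sum(pi * math.log((pi + eps) / (qi + eps)) for pi, qi in zip(p, q))

def consistency_loss(logits_a, logits_b):
    """Jensen-Shannon divergence between the predictive distributions of
    two attacked augmentations of the same instance. Zero when they agree,
    bounded above by log(2)."""
    p, q = softmax(logits_a), softmax(logits_b)
    mid = [(pi + qi) / 2 for pi, qi in zip(p, q)]
    return 0.5 * kl(p, mid) + 0.5 * kl(q, mid)
```

In a full AT pipeline this term would be added, with a weighting coefficient, to the usual adversarial classification loss; identical predictions incur zero penalty, so the regularizer only acts when the two augmented views disagree.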


Similar articles

Improving DNN Robustness to Adversarial Attacks using Jacobian Regularization

Deep neural networks have lately shown tremendous performance in various applications including vision and speech processing tasks. However, alongside their ability to perform these tasks with such high accuracy, it has been shown that they are highly susceptible to adversarial attacks: a small change of the input would cause the network to err with high confidence. This phenomenon exposes an i...


Adversarial Dropout Regularization

We present a method for transferring neural representations from label-rich source domains to unlabeled target domains. Recent adversarial methods proposed for this task learn to align features across domains by fooling a special domain critic network. However, a drawback of this approach is that the critic simply labels the generated features as in-domain or not, without considering the bounda...


Deep Adversarial Robustness

Deep learning has recently contributed to learning state-of-the-art representations in service of various image recognition tasks. Deep learning uses cascades of many layers of nonlinear processing units for feature extraction and transformation. Recently, researchers have shown that deep learning architectures are particularly vulnerable to adversarial examples, inputs to machine learning mode...


Adversarial Robustness: Softmax versus Openmax

Deep neural networks (DNNs) provide state-of-the-art results on various tasks and are widely used in real world applications. However, it was discovered that machine learning models, including the best performing DNNs, suffer from a fundamental problem: they can unexpectedly and confidently misclassify examples formed by slightly perturbing otherwise correctly recognized inputs. Various approac...


Facial Attributes: Accuracy and Adversarial Robustness

Facial attributes, emerging soft biometrics, must be automatically and reliably extracted from images in order to be usable in stand-alone systems. While recent methods extract facial attributes using deep neural networks (DNNs) trained on labeled facial attribute data, the robustness of deep attribute representations has not been evaluated. In this paper, we examine the representational stabil...



Journal

Journal title: Proceedings of the ... AAAI Conference on Artificial Intelligence

Year: 2022

ISSN: 2159-5399, 2374-3468

DOI: https://doi.org/10.1609/aaai.v36i8.20817