Towards Improving Robustness Against Common Corruptions in Object Detectors Using Adversarial Contrastive Learning
Neural networks have revolutionized various domains, exhibiting remarkable
accuracy in tasks like natural language processing and computer vision.
However, their vulnerability to slight alterations in input samples poses
challenges, particularly in safety-critical applications like autonomous
driving. Current approaches, such as introducing distortions during training,
fall short in addressing unforeseen corruptions. This paper proposes an
innovative adversarial contrastive learning framework to enhance neural network
robustness simultaneously against adversarial attacks and common corruptions.
By generating instance-wise adversarial examples and optimizing a contrastive
loss, our method fosters representations that resist adversarial perturbations
and remain robust in real-world scenarios: contrastive learning strengthens the
similarity between clean samples and their adversarial counterparts, making the
learned representations resistant to both adversarial attacks and common
distortions. By focusing on improving performance under adversarial
and real-world conditions, our approach aims to bolster the robustness of
neural networks in safety-critical applications, such as autonomous vehicles
navigating unpredictable weather conditions. We anticipate that this framework
will contribute to advancing the reliability of neural networks in challenging
environments, facilitating their widespread adoption in mission-critical
scenarios.
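As a rough illustration of the kind of pipeline this abstract describes, the sketch below pairs a PGD-style instance-wise attack with an NT-Xent-style contrastive loss between clean and adversarial views. The attack recipe, hyperparameters, and names (pgd_attack, contrastive_loss, encoder) are illustrative assumptions, not details taken from the paper.

```python
# Minimal sketch, assuming a PGD-style feature-space attack and an
# NT-Xent-style contrastive loss; not the paper's actual implementation.
import torch
import torch.nn.functional as F

def pgd_attack(encoder, x, eps=8/255, alpha=2/255, steps=10):
    """Craft an instance-wise adversarial view by pushing the perturbed
    sample's representation away from the clean sample's representation."""
    with torch.no_grad():
        z_clean = F.normalize(encoder(x), dim=1)
    x_adv = x + torch.empty_like(x).uniform_(-eps, eps)
    for _ in range(steps):
        x_adv = x_adv.detach().requires_grad_(True)
        z_adv = F.normalize(encoder(x_adv), dim=1)
        loss = -(z_adv * z_clean).sum(dim=1).mean()   # negative cosine similarity
        grad = torch.autograd.grad(loss, x_adv)[0]
        x_adv = x_adv + alpha * grad.sign()           # ascend: reduce similarity
        x_adv = x + (x_adv - x).clamp(-eps, eps)      # project onto the eps-ball
        x_adv = x_adv.clamp(0, 1)
    return x_adv.detach()

def contrastive_loss(z_clean, z_adv, temperature=0.5):
    """NT-Xent loss treating each (clean, adversarial) pair as positives."""
    n = z_clean.size(0)
    z = F.normalize(torch.cat([z_clean, z_adv], dim=0), dim=1)
    sim = z @ z.t() / temperature                     # (2N, 2N) similarities
    mask = torch.eye(2 * n, dtype=torch.bool, device=z.device)
    sim = sim.masked_fill(mask, float('-inf'))        # drop self-similarity
    targets = torch.cat([torch.arange(n, 2 * n), torch.arange(n)]).to(z.device)
    return F.cross_entropy(sim, targets)
```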
OTJR: Optimal Transport Meets Optimal Jacobian Regularization for Adversarial Robustness
The Web, as a rich medium of diverse content, has been constantly under the
threat of malicious entities exploiting its vulnerabilities, especially with
the rapid proliferation of deep learning applications in various web services.
One such vulnerability, crucial to the fidelity and integrity of web content,
is the susceptibility of deep neural networks to adversarial perturbations,
especially concerning images - a dominant form of data on the web. In light of
the recent advancements in the robustness of classifiers, we delve deep into
the intricacies of adversarial training (AT) and Jacobian regularization, two
pivotal defenses. Our work is the first to carefully analyze and characterize
these two schools of approaches, both theoretically and empirically,
demonstrating how each impacts the robust learning of a classifier.
Next, we propose our novel Optimal Transport with Jacobian regularization
method, dubbed OTJR, which jointly incorporates input-output Jacobian
regularization into AT by leveraging optimal transport theory. In
particular, we employ the Sliced Wasserstein (SW) distance that can efficiently
push the adversarial samples' representations closer to those of clean samples,
regardless of the number of classes within the dataset. The SW distance
provides the adversarial samples' movement directions, which supply a more
informative and powerful signal for the Jacobian regularization. Our empirical
evaluations set a new standard in the domain, with our method achieving
commendable robust accuracies of 51.41\% on the CIFAR-10 and 28.49\% on the
CIFAR-100 datasets under the AutoAttack benchmark. In a real-world
demonstration, we subject images sourced from the Internet to online
adversarial attacks, reinforcing the efficacy and relevance of our model in
defending against sophisticated web-image perturbations.
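For the SW component, one plausible reading is sketched below: the Sliced Wasserstein distance between clean and adversarial feature batches is approximated by sorting random 1-D projections. The projection count and names are assumptions; the paper's full objective, including the Jacobian term it drives, is not reproduced here.

```python
# Minimal sketch of a Sliced Wasserstein (SW) distance between two feature
# batches; an assumed reading of the alignment term, not OTJR's exact code.
import torch

def sliced_wasserstein(z_clean, z_adv, n_projections=128):
    """Approximate SW-2 distance: project both batches onto random unit
    directions, sort the 1-D projections, and average the squared gaps."""
    d = z_clean.size(1)
    theta = torch.randn(d, n_projections, device=z_clean.device)
    theta = theta / theta.norm(dim=0, keepdim=True)    # unit-norm directions
    proj_clean = (z_clean @ theta).sort(dim=0).values  # (N, P), sorted per direction
    proj_adv = (z_adv @ theta).sort(dim=0).values
    return ((proj_clean - proj_adv) ** 2).mean()
```

The sorted matching implicitly pairs each adversarial representation with a clean one, which is one way to read the "movement directions" the abstract says feed the Jacobian regularization.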
Adversarial Attacks and Defenses in Machine Learning-Powered Networks: A Contemporary Survey
Adversarial attacks and defenses in machine learning and deep neural networks
have been gaining significant attention due to the rapidly growing applications
of deep learning on the Internet and in related scenarios. This survey provides a
comprehensive overview of the recent advancements in the field of adversarial
attack and defense techniques, with a focus on deep neural network-based
classification models. Specifically, we conduct a comprehensive classification
of recent adversarial attack methods and state-of-the-art adversarial defense
techniques based on attack principles, and present them in visually appealing
tables and tree diagrams. This is based on a rigorous evaluation of the
existing works, including an analysis of their strengths and limitations. We
also categorize the methods into counter-attack detection and robustness
enhancement, with a specific focus on regularization-based methods for
enhancing robustness. New avenues of attack are also explored, including
search-based, decision-based, drop-based, and physical-world attacks, and a
hierarchical classification of the latest defense methods is provided,
highlighting the challenges of balancing training costs with performance,
maintaining clean accuracy, overcoming the effect of gradient masking, and
ensuring method transferability. Finally, the lessons learned and open
challenges are summarized, with future research opportunities recommended.
Comment: 46 pages, 21 figures
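As generic background for the attack taxonomy such a survey covers, the sketch below implements FGSM, the canonical one-step gradient attack; it is textbook material, not a method contributed by the survey.

```python
# Minimal FGSM sketch: one signed-gradient step within an L-infinity budget.
import torch
import torch.nn.functional as F

def fgsm(model, x, y, eps=8/255):
    """Fast Gradient Sign Method: a single gradient-ascent step on the
    classification loss, clipped back to the valid image range."""
    x = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x), y)
    loss.backward()
    return (x + eps * x.grad.sign()).clamp(0, 1).detach()
```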
A Survey on Transferability of Adversarial Examples across Deep Neural Networks
The emergence of Deep Neural Networks (DNNs) has revolutionized various
domains, enabling the resolution of complex tasks spanning image recognition,
natural language processing, and scientific problem-solving. However, this
progress has also exposed a concerning vulnerability: adversarial examples.
These crafted inputs, imperceptible to humans, can manipulate machine learning
models into making erroneous predictions, raising concerns for safety-critical
applications. An intriguing property of this phenomenon is the transferability
of adversarial examples, where perturbations crafted for one model can deceive
another, often one with a different architecture. This property enables
"black-box" attacks, circumventing the need for detailed knowledge of the
target model. This survey explores the landscape of adversarial example
transferability. We categorize existing methodologies
to enhance adversarial transferability and discuss the fundamental principles
guiding each approach. While the predominant body of research primarily
concentrates on image classification, we also extend our discussion to
encompass other vision tasks and beyond. Challenges and future prospects are
discussed, highlighting the importance of fortifying DNNs against adversarial
vulnerabilities in an evolving landscape.
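The black-box transfer setting the survey studies can be made concrete with a short, hypothetical measurement: craft adversarial examples on a white-box surrogate (e.g., with any standard attack) and count how often they also fool an unseen target model. All names below are assumptions.

```python
# Minimal sketch of measuring transferability: surrogate-crafted adversarial
# examples are evaluated against a separate, unseen target model.
import torch

@torch.no_grad()
def transfer_success_rate(x_adv, y, target_model):
    """Fraction of surrogate-crafted adversarial examples that are
    misclassified by the target model (the transfer rate)."""
    preds = target_model(x_adv).argmax(dim=1)
    return (preds != y).float().mean().item()

# Hypothetical usage: craft x_adv on surrogate_model with a white-box attack
# (e.g., the FGSM sketch earlier), then:
# rate = transfer_success_rate(x_adv, y, target_model)
```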
Learning Transferable Adversarial Robust Representations via Multi-view Consistency
Despite the success on few-shot learning problems, most meta-learned models
only focus on achieving good performance on clean examples and thus easily
break down when given adversarially perturbed samples. While some recent works
have shown that a combination of adversarial learning and meta-learning could
enhance the robustness of a meta-learner against adversarial attacks, they fail
to achieve generalizable adversarial robustness to unseen domains and tasks,
which is the ultimate goal of meta-learning. To address this challenge, we
propose a novel meta-adversarial multi-view representation learning framework
with dual encoders. Specifically, we introduce a discrepancy between the two
differently augmented views of the same data instance by first updating the
encoder parameters on them and then imposing a novel label-free adversarial
attack that maximizes this discrepancy. Next, we maximize the
consistency across the views to learn transferable robust representations
across domains and tasks. Through experimental validation on multiple
benchmarks, we demonstrate the effectiveness of our framework on few-shot
learning tasks from unseen domains, achieving over 10\% robust accuracy
improvements against previous adversarial meta-learning baselines.
Comment: *Equal contribution (Author ordering determined by coin flip). NeurIPS SafetyML Workshop 2022; under review.
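One plausible reading of the label-free, discrepancy-maximizing attack is sketched below for dual encoders and two augmented views; every name, hyperparameter, and the cosine-based discrepancy are illustrative assumptions rather than the paper's actual procedure.

```python
# Minimal sketch, assuming dual encoders and a cosine discrepancy between two
# augmented views; an interpretation of the idea, not the paper's code.
import torch
import torch.nn.functional as F

def view_discrepancy_attack(enc_a, enc_b, view_a, view_b,
                            eps=8/255, alpha=2/255, steps=5):
    """Perturb both augmented views, without labels, to maximize the
    representation discrepancy between the two encoders."""
    xa, xb = view_a.clone(), view_b.clone()
    for _ in range(steps):
        xa = xa.detach().requires_grad_(True)
        xb = xb.detach().requires_grad_(True)
        za = F.normalize(enc_a(xa), dim=1)
        zb = F.normalize(enc_b(xb), dim=1)
        discrepancy = (1 - (za * zb).sum(dim=1)).mean()  # cosine discrepancy
        ga, gb = torch.autograd.grad(discrepancy, [xa, xb])
        xa = (xa + alpha * ga.sign()).clamp(view_a - eps, view_a + eps).clamp(0, 1)
        xb = (xb + alpha * gb.sign()).clamp(view_b - eps, view_b + eps).clamp(0, 1)
    return xa.detach(), xb.detach()

# Training would then minimize the same discrepancy on the attacked views,
# i.e., enforce multi-view consistency to learn transferable robust features.
```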