MixupE: Understanding and Improving Mixup from Directional Derivative Perspective
Mixup is a popular data augmentation technique for training deep neural
networks where additional samples are generated by linearly interpolating pairs
of inputs and their labels. This technique is known to improve the
generalization performance in many learning paradigms and applications. In this
work, we first analyze Mixup and show that it implicitly regularizes infinitely
many directional derivatives of all orders. Based on this new insight, we
propose an improved version of Mixup, theoretically justified to deliver better
generalization performance than the vanilla Mixup. To demonstrate the
effectiveness of the proposed method, we conduct experiments across various
domains such as images, tabular data, speech, and graphs. Our results show that
the proposed method improves Mixup across multiple datasets using a variety of
architectures, for instance, exhibiting an improvement over Mixup by 0.8% in
ImageNet top-1 accuracy.
Comment: 16 pages, Best Student Paper Award at UAI 202
Adversarial robustness of VAEs through the lens of local geometry
In an unsupervised attack on variational autoencoders (VAEs), an adversary
finds a small perturbation in an input sample that significantly changes its
latent space encoding, thereby compromising the reconstruction for a fixed
decoder. A known reason for such vulnerability is the distortions in the latent
space resulting from a mismatch between approximated latent posterior and a
prior distribution. Consequently, a slight change in an input sample can move
its encoding to a low/zero density region in the latent space resulting in an
unconstrained generation. This paper demonstrates that an optimal way for an
adversary to attack VAEs is to exploit a directional bias of a stochastic
pullback metric tensor induced by the encoder and decoder networks. The
pullback metric tensor of an encoder measures the change in infinitesimal
latent volume from an input to a latent space. Thus, it can be viewed as a lens
to analyse the effect of input perturbations leading to latent space
distortions. We propose robustness evaluation scores using the eigenspectrum of
a pullback metric tensor. Moreover, we empirically show that the scores
correlate with the robustness parameter of the VAE. Since
increasing also degrades reconstruction quality, we demonstrate a
simple alternative using mixup training to fill the empty regions in
the latent space, thus improving robustness with improved reconstruction.
Comment: International Conference on Artificial Intelligence and Statistics
(AISTATS) 202
Addressing Neural Network Robustness with Mixup and Targeted Labeling Adversarial Training
Despite their performance, Artificial Neural Networks are not reliable enough
for most industrial applications. They are sensitive to noise, rotations,
blurs and adversarial examples. There is a need to build defenses that protect
against a wide range of perturbations, covering the most traditional common
corruptions and adversarial examples. We propose a new data augmentation
strategy called M-TLAT, designed to address robustness in a broad sense. Our
approach combines the Mixup augmentation and a new adversarial training
algorithm called Targeted Labeling Adversarial Training (TLAT). The idea of
TLAT is to interpolate the target labels of adversarial examples with the
ground-truth labels. We show that M-TLAT can increase the robustness of image
classifiers towards nineteen common corruptions and five adversarial attacks,
without reducing the accuracy on clean samples.
InfoScrub: Towards Attribute Privacy by Targeted Obfuscation
Personal photos of individuals, when shared online, apart from exhibiting a
myriad of memorable details, also reveal a wide range of private information
and potentially entail privacy risks (e.g., online harassment, tracking). To
mitigate such risks, it is crucial to study techniques that allow individuals
to limit the private information leaked in visual data. We tackle this problem
in a novel image obfuscation framework: to maximize entropy on inferences over
targeted privacy attributes, while retaining image fidelity. We approach the
problem based on an encoder-decoder style architecture, with two key novelties:
(a) introducing a discriminator to perform bi-directional translation
simultaneously from multiple unpaired domains; (b) predicting an image
interpolation which maximizes uncertainty over a target set of attributes. We
find our approach generates obfuscated images faithful to the original input
images, and additionally increases uncertainty by 6.2 (or up to 0.85
bits) over the non-obfuscated counterparts.
Comment: 20 pages, 7 figure