Manifold-driven decomposition for adversarial robustness

被引：0

作者：

Zhang, Wenjia ^{[1
]}

Zhang, Yikai ^{[2
]}

Hu, Xiaoling ^{[3
]}

Yao, Yi ^{[4
]}

Goswami, Mayank ^{[5
]}

Chen, Chao ^{[6
]}

Metaxas, Dimitris ^{[1
]}

机构：

[1] Rutgers State Univ, Dept Comp Sci, Piscataway, NJ 08854 USA

[2] Morgan Stanley, New York, NY USA

[3] SUNY Stony Brook, Dept Comp Sci, Stony Brook, NY USA

[4] SRI Int, Comp Vis Lab, Princeton, NJ USA

[5] CUNY, Dept Comp Sci, Queens Coll, New York, NY USA

[6] SUNY Stony Brook, Dept Biomed Informat, Stony Brook, NY 11794 USA

来源：

FRONTIERS IN COMPUTER SCIENCE | 2024年 / 5卷

基金：

美国国家科学基金会;

关键词：

robustness; adversarial attack; manifold; topological analysis of network; generalization;

D O I：

10.3389/fcomp.2023.1274695

中图分类号：

TP39 [计算机的应用];

学科分类号：

081203 ; 0835 ;

摘要：

The adversarial risk of a machine learning model has been widely studied. Most previous studies assume that the data lie in the whole ambient space. We propose to take a new angle and take the manifold assumption into consideration. Assuming data lie in a manifold, we investigate two new types of adversarial risk, the normal adversarial risk due to perturbation along normal direction and the in-manifold adversarial risk due to perturbation within the manifold. We prove that the classic adversarial risk can be bounded from both sides using the normal and in-manifold adversarial risks. We also show a surprisingly pessimistic case that the standard adversarial risk can be non-zero even when both normal and in-manifold adversarial risks are zero. We finalize the study with empirical studies supporting our theoretical results. Our results suggest the possibility of improving the robustness of a classifier without sacrificing model accuracy, by only focusing on the normal adversarial risk.

引用

页数：13

共 50 条

[21] Robustness Tokens: Towards Adversarial Robustness of Transformers
Pulfer, Brian
Belousov, Yury
Voloshynovskiy, Slava
COMPUTER VISION - ECCV 2024, PT LIX, 2025, 15117 : 110 - 127
[22] A Manifold View of Adversarial Risk
Zhang, Wenjia
Zhang, Yikai
Hu, Xiaolin
Goswami, Mayank
Chen, Chao
Metaxas, Dimitris
INTERNATIONAL CONFERENCE ON ARTIFICIAL INTELLIGENCE AND STATISTICS, VOL 151, 2022, 151
[23] Adversarial Purification with the Manifold Hypothesis
Yang, Zhaoyuan
Xu, Zhiwei
Zhang, Jing
Hartley, Richard
Tu, Peter
THIRTY-EIGHTH AAAI CONFERENCE ON ARTIFICIAL INTELLIGENCE, VOL 38 NO 15, 2024, : 16379 - 16387
[24] Adversarial Minimax Training for Robustness Against Adversarial Examples
Komiyama, Ryota
Hattori, Motonobu
NEURAL INFORMATION PROCESSING (ICONIP 2018), PT II, 2018, 11302 : 690 - 699
[25] EXPLOITING DOUBLY ADVERSARIAL EXAMPLES FOR IMPROVING ADVERSARIAL ROBUSTNESS
Byun, Junyoung
Go, Hyojun
Cho, Seungju
Kim, Changick
2022 IEEE INTERNATIONAL CONFERENCE ON IMAGE PROCESSING, ICIP, 2022, : 1331 - 1335
[26] On the Convergence and Robustness of Adversarial Training
Wang, Yisen
Ma, Xingjun
Bailey, James
Yi, Jinfeng
Zhou, Bowen
Gu, Quanquan
INTERNATIONAL CONFERENCE ON MACHINE LEARNING, VOL 97, 2019, 97
[27] Adversarial Robustness of Model Sets
Megyeri, Istvan
Hegedus, Istvan
Jelasity, Mark
2020 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN), 2020,
[28] On Saliency Maps and Adversarial Robustness
Mangla, Puneet
Singh, Vedant
Balasubramanian, Vineeth N.
MACHINE LEARNING AND KNOWLEDGE DISCOVERY IN DATABASES, ECML PKDD 2020, PT II, 2021, 12458 : 272 - 288
[29] Metric Learning for Adversarial Robustness
Mao, Chengzhi
Zhong, Ziyuan
Yang, Junfeng
Vondrick, Carl
Ray, Baishakhi
ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 32 (NIPS 2019), 2019, 32
[30] Dropping Pixels for Adversarial Robustness
Hosseini, Hossein
Kannan, Sreeram
Poovendran, Radha
2019 IEEE/CVF CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION WORKSHOPS (CVPRW 2019), 2019, : 91 - 97

← 1 2 3 4 5 →