Internet Archive Scholar
Filters
























13,756 Hits in 4.6 sec

Theoretical evidence for adversarial robustness through randomization [article]

Rafael Pinot, Laurent Meunier, Alexandre Araujo, Hisashi Kashima, Florian Yger, Cédric Gouy-Pailler, Jamal Atif
2019 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (527.4 kB)
https://web.archive.org/web/20200902160146/https://arxiv.org/pdf/1902.01148v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:

2019 pre-print arXiv:1902.01148v1 fatcat:a4cjtvaccnh4jkwzzuxxscnkii
The first one relates the randomization rate to robustness to adversarial attacks.  ...  This paper investigates the theory of robustness against adversarial attacks. It focuses on the family of randomization techniques that consist in injecting noise in the network at inference time.  ...  In order to build a robust and accurate network, we will use a state-of-the art architecture (developed for natural images) and make it robust through randomized procedures.  ... 
arXiv:1902.01148v2 fatcat:cwmwyxjsorerzfc6tmwualqb54
Multiple Versions
Citation

Rafael Pinot, Laurent Meunier, Alexandre Araujo, Hisashi Kashima, Florian Yger, Cédric Gouy-Pailler, Jamal Atif. "Theoretical evidence for adversarial robustness through randomization." arXiv (2019)

Scaleable input gradient regularization for adversarial robustness [article]

Chris Finlay, Adam M Oberman
2019 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (487.1 kB)
https://web.archive.org/web/20200909155334/https://arxiv.org/pdf/1905.11468v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2019 pre-print
arXiv:1905.11468v1 fatcat:2r34j2rtrjcqrjkvwpsd2h6a3a
In this work we revisit gradient regularization for adversarial robustness with some new ingredients. First, we derive new per-image theoretical robustness bounds based on local gradient information.  ...  Finally, we show experimentally and through theoretical certification that input gradient regularization is competitive with adversarial training.  ...  Therefore we expect that models trained with squared norm gradient regularization should have similar adversarial robustness as those trained through randomized smoothing.  ... 
arXiv:1905.11468v2 fatcat:p3tkl5gaxvfehbdwifur3q47tm
Multiple Versions
Citation

Chris Finlay, Adam M Oberman. "Scaleable input gradient regularization for adversarial robustness." arXiv (2019)

Exploring Robust Architectures for Deep Artificial Neural Networks [article]

Asim Waqas
2022 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (3.2 MB)
https://web.archive.org/web/20210702014409/https://arxiv.org/pdf/2106.15850v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:

2021 pre-print arXiv:2106.15850v1 fatcat:b676bgklyrefzikpofp2fql2xa
graph-theoretic measures.  ...  However, the relationship between the architecture of a DANN and its robustness to noise and adversarial attacks is less explored.  ...  [13] proposed a novel method of exploring a diverse set of connectivity patterns (or graph structures) through random graph-theoretic models. Moreover, You et al.  ... 
arXiv:2106.15850v2 fatcat:nv6ex35emfff3f3z3q5f33k4iy
Open Access Multiple Versions
Citation

Asim Waqas. "Exploring Robust Architectures for Deep Artificial Neural Networks." arXiv (2022)

Can we have it all? On the Trade-off between Spatial and Adversarial Robustness of Neural Networks [article]

Sandesh Kamath, Amit Deshpande, K V Subrahmanyam, Vineeth N Balasubramanian
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (2.5 MB)
https://web.archive.org/web/20211116195432/https://arxiv.org/pdf/2002.11318v5.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Other Versions

2021 pre-print
arXiv:2002.11318v4 fatcat:et6mqkwyubcmfkuvlzqh5opsgu
2021 pre-print
arXiv:2002.11318v3 fatcat:cx5jgbpcebhlxegg3kkqynajju
2020 pre-print
arXiv:2002.11318v2 fatcat:4ojlsdupgncdhbss6cwlyomwua
2020 pre-print
arXiv:2002.11318v1 fatcat:ltjhoyntgnhdtkhw5o252gnjvm
(Non-)robustness of neural networks to small, adversarial pixel-wise perturbations, and as more recently shown, to even random spatial transformations (e.g., translations, rotations) entreats both theoretical  ...  Spatial robustness to random translations and rotations is commonly attained via equivariant models (e.g., StdCNNs, GCNNs) and training augmentation, whereas adversarial robustness is typically achieved  ...  Sandesh Kamath would like to thank Microsoft Research India for funding a part of this work through his postdoctoral research fellowship at IIT Hyderabad.  ... 
arXiv:2002.11318v5 fatcat:hisowgjwprg47nywdgme3vhwaa
Open Access Multiple Versions
Citation

Sandesh Kamath, Amit Deshpande, K V Subrahmanyam, Vineeth N Balasubramanian. "Can we have it all? On the Trade-off between Spatial and Adversarial Robustness of Neural Networks." arXiv (2021)

Rethinking Clustering for Robustness [article]

Motasem Alfarra, Juan C. Pérez, Adel Bibi, Ali Thabet, Pablo Arbeláez, Bernard Ghanem
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.3 MB)
https://web.archive.org/web/20211130000139/https://arxiv.org/pdf/2006.07682v3.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Other Versions

2020 pre-print
arXiv:2006.07682v2 fatcat:fbbod74pgnbqfduykzvciwqvxm
2020 pre-print
arXiv:2006.07682v1 fatcat:glgnwgg4szhvfl23lwvgy43j5u
Moreover, we show that this certificate is tight, and we leverage it to propose ClusTR (Clustering Training for Robustness), a clustering-based and adversary-free training framework to learn robust models  ...  To do so, we provide a robustness certificate for distance-based classification models (clustering-based classifiers).  ...  This result constitutes empirical evidence of the theoretical robustness properties we presented for clustering-based classifiers.  ... 
arXiv:2006.07682v3 fatcat:ni6getu2rbhwxe6skjjfypds2a
Multiple Versions
Citation

Motasem Alfarra, Juan C. Pérez, Adel Bibi, Ali Thabet, Pablo Arbeláez, Bernard Ghanem. "Rethinking Clustering for Robustness." arXiv (2021)

On 1/n neural representation and robustness [article]

Josue Nassar, Piotr Aleksander Sokol, SueYeon Chung, Kenneth D. Harris, Il Memming Park
2020 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (19.3 MB)
https://web.archive.org/web/20201211012016/https://arxiv.org/pdf/2012.04729v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

We use adversarial robustness to probe Stringer et al's theory regarding the causal role of a 1/n covariance spectrum.  ...  Our results show that imposing the experimentally observed structure on artificial neural networks makes them more robust to adversarial attacks.  ...  Adversarial robustness of the CNN for various values of β where the shaded region is ± 1 standard deviation over 3 random seeds.  ... 
arXiv:2012.04729v1 fatcat:64n46oqxdzg63ouzhkmiscdx2u
Open Access
Citation

Josue Nassar, Piotr Aleksander Sokol, SueYeon Chung, Kenneth D. Harris, Il Memming Park. "On 1/n neural representation and robustness." arXiv (2020)

Achieving Adversarial Robustness via Sparsity [article]

Shufan Wang, Ningyi Liao, Liyao Xiang, Nanyang Ye, Quanshi Zhang
2020 arXiv   pre-print

Preserved Fulltext

Web Archive Capture PDF (527.1 kB)
https://web.archive.org/web/20201002004440/https://arxiv.org/pdf/2009.05423v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Through experiments on a variety of adversarial pruning methods, we find that weights sparsity will not hurt but improve robustness, where both weights inheritance from the lottery ticket and adversarial  ...  In this work, we theoretically prove that the sparsity of network weights is closely associated with model robustness.  ...  Thus we conclude that it is able to achieve preferable adversarial robustness through the lottery tickets settings. Comparison with previous results.  ... 
arXiv:2009.05423v1 fatcat:lhfd77lukfaqzcisnqniqit7te
Citation

Shufan Wang, Ningyi Liao, Liyao Xiang, Nanyang Ye, Quanshi Zhang. "Achieving Adversarial Robustness via Sparsity." arXiv (2020)

Are Labels Required for Improving Adversarial Robustness? [article]

Jonathan Uesato, Jean-Baptiste Alayrac, Po-Sen Huang, Robert Stanforth, Alhussein Fawzi, Pushmeet Kohli
2019 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.3 MB)
https://web.archive.org/web/20200827220143/https://arxiv.org/pdf/1905.13725v4.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2019 pre-print
arXiv:1905.13725v2 fatcat:hj7qruhe2fgtbj3sxfb2ue3tki
2019 pre-print
arXiv:1905.13725v3 fatcat:knyn5wmwmva43gsjwznpgktjbm
2019 pre-print
arXiv:1905.13725v1 fatcat:dpvdp7m3xjfnxfhev35nlecxkm
Theoretically, we show that in a simple statistical setting, the sample complexity for learning an adversarially robust model from unlabeled data matches the fully supervised case up to constant factors  ...  Our main insight is that unlabeled data can be a competitive alternative to labeled data for training adversarially robust models.  ...  We would like to especially thank Sven Gowal for helping us evaluate with the MultiTargeted attack and for the loss landscape visualizations, as well as insightful discussions throughout this project.  ... 
arXiv:1905.13725v4 fatcat:iykb3cpk4rb53av4idkugfldra
Multiple Versions
Citation

Jonathan Uesato, Jean-Baptiste Alayrac, Po-Sen Huang, Robert Stanforth, Alhussein Fawzi, Pushmeet Kohli. "Are Labels Required for Improving Adversarial Robustness?." arXiv (2019)

Analyzing Accuracy Loss in Randomized Smoothing Defenses [article]

Yue Gao, Harrison Rosenberg, Kassem Fawaz, Somesh Jha, Justin Hsu
2020 arXiv   pre-print

Preserved Fulltext

Web Archive Capture PDF (1.5 MB)
https://web.archive.org/web/20200321112830/https://arxiv.org/pdf/2003.01595v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

In this paper, we theoretically and empirically explore randomized smoothing.  ...  To perform our analysis, we introduce a model for randomized smoothing which abstracts away specifics, such as the exact distribution of the noise.  ...  As evident in fig. 3 , we see that noise augmentation provides adversarial robustness comparable to that of the randomized smoothing operation, especially for relatively small noise levels.  ... 
arXiv:2003.01595v1 fatcat:ouj643akhjfcpjwbz5ynlavqsy
Citation

Yue Gao, Harrison Rosenberg, Kassem Fawaz, Somesh Jha, Justin Hsu. "Analyzing Accuracy Loss in Randomized Smoothing Defenses." arXiv (2020)

Masking Adversarial Damage: Finding Adversarial Saliency for Robust and Sparse Network [article]

Byung-Kwan Lee, Junho Kim, Yong Man Ro
2022 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.6 MB)
https://web.archive.org/web/20220515074237/https://arxiv.org/pdf/2204.02738v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

By using it, we can accurately estimate adversarial saliency for model parameters and determine which parameters can be pruned without weakening adversarial robustness.  ...  Through extensive experiments on three public datasets, we demonstrate that MAD effectively prunes adversarially trained networks without loosing adversarial robustness and shows better performance than  ...  This work was conducted by Center for Applied Research in Artificial Intelligence (CARAI) grant funded by DAPA and ADD (UD190031RD).  ... 
arXiv:2204.02738v1 fatcat:sr7sdgq5q5hsjkw56h6gc3gymu
Citation

Byung-Kwan Lee, Junho Kim, Yong Man Ro. "Masking Adversarial Damage: Finding Adversarial Saliency for Robust and Sparse Network." arXiv (2022)

Robustness of classifiers to uniform $\ell_p$ and Gaussian noise

Jean-Yves Franceschi, Alhussein Fawzi, Omar Fawzi
2018 International Conference on Artificial Intelligence and Statistics  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (2.1 MB)
https://web.archive.org/web/20220120095549/http://proceedings.mlr.press/v84/franceschi18a/franceschi18a.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

We study the robustness of classifiers to various kinds of random noise models.  ...  We characterize this robustness to random noise in terms of the distance to the decision boundary of the classifier.  ...  Acknowledgements We gratefully acknowledge the support of NVIDIA Corporation with the donation of the Titan Xp GPU used for this research.  ... 
dblp:conf/aistats/FranceschiFF18 fatcat:lkoiyn6c3jcmhmcahv45dllguu
Citation

Jean-Yves Franceschi, Alhussein Fawzi, Omar Fawzi. "Robustness of classifiers to uniform $\ell_p$ and Gaussian noise." International Conference on Artificial Intelligence and Statistics (2018) 1280-1288

Robustness via curvature regularization, and vice versa [article]

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Jonathan Uesato, Pascal Frossard
2018 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (6.7 MB)
https://web.archive.org/web/20191025065539/https://arxiv.org/pdf/1811.09716v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL. The file type is application/pdf.

Using a locally quadratic approximation, we provide theoretical evidence on the existence of a strong relation between large robustness and small curvature.  ...  To further show the importance of reduced curvature for improving the robustness, we propose a new regularizer that directly minimizes curvature of the loss surface, and leads to adversarial robustness  ...  Acknowledgements A.F. would like to thank Neil Rabinowitz and Avraham Ruderman for the fruitful discussions.  ... 
arXiv:1811.09716v1 fatcat:yqjshbawrfgbxg5dgwz4ukpbre
Citation

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Jonathan Uesato, Pascal Frossard. "Robustness via curvature regularization, and vice versa." arXiv (2018)

Robustness via Curvature Regularization, and Vice Versa

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Jonathan Uesato, Pascal Frossard
2019 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (5.8 MB)
https://web.archive.org/web/20200323000241/https://os.unil.cloud.switch.ch/tind-customer-epfl/f40a22dc-02b6-4331-a512-dc99e5340639?response-content-disposition=attachment%3B%20filename%2A%3DUTF-8%27%27main.pdf&response-content-type=application%2Fpdf&AWSAccessKeyId=ded3589a13b4450889b2f728d54861a6&Expires=1585008161&Signature=za9XZzUCFgWsrDIT%2FECMFwvux3s%3D

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Using a locally quadratic approximation, we provide theoretical evidence on the existence of a strong relation between large robustness and small curvature.  ...  To further show the importance of reduced curvature for improving the robustness, we propose a new regularizer that directly minimizes curvature of the loss surface, and leads to adversarial robustness  ...  Acknowledgements A.F. would like to thank Neil Rabinowitz and Avraham Ruderman for the fruitful discussions.  ... 
doi:10.1109/cvpr.2019.00929 dblp:conf/cvpr/Moosavi-Dezfooli19 fatcat:uxxjr33zy5cwlbgu6juvxpv7vy
Citation

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Jonathan Uesato, Pascal Frossard. "Robustness via Curvature Regularization, and Vice Versa." 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2019) 9078-9086

Optimism in the Face of Adversity: Understanding and Improving Deep Learning through Adversarial Robustness [article]

Guillermo Ortiz-Jimenez, Apostolos Modas, Seyed-Mohsen Moosavi-Dezfooli, Pascal Frossard
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (19.1 MB)
https://web.archive.org/web/20210131160849/https://arxiv.org/pdf/2010.09624v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Other Versions

2020 pre-print
arXiv:2010.09624v1 fatcat:ifyg7iqcxja5vdn2kg5fboqaai
Furthermore, we demonstrate the broad applicability of adversarial robustness, providing an overview of the main emerging applications of adversarial robustness beyond security.  ...  Nevertheless, our current theoretical understanding on the mathematical foundations of deep learning lags far behind its empirical success.  ...  While one can find empirical evidence in favor of both arguments, a definite theoretical resolution remains to be found.  ... 
arXiv:2010.09624v2 fatcat:mvhosdtxgzcytel75h4foaxqqu
Multiple Versions
Citation

Guillermo Ortiz-Jimenez, Apostolos Modas, Seyed-Mohsen Moosavi-Dezfooli, Pascal Frossard. "Optimism in the Face of Adversity: Understanding and Improving Deep Learning through Adversarial Robustness." arXiv (2021)

Towards Adversarial Robustness via Transductive Learning [article]

Jiefeng Chen, Yang Guo, Xi Wu, Tianqi Li, Qicheng Lao, Yingyu Liang, Somesh Jha
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.1 MB)
https://web.archive.org/web/20210618101143/https://arxiv.org/pdf/2106.08387v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

There has been emerging interest to use transductive learning for adversarial robustness (Goldwasser et al., NeurIPS 2020; Wu et al., ICML 2020).  ...  To this end, we present new theoretical and empirical evidence in support of the utility of transductive learning.  ...  Certified adversarial robustness via randomized smoothing.  ... 
arXiv:2106.08387v1 fatcat:fybiielic5hnzjeenxcbab34ju
Citation

Jiefeng Chen, Yang Guo, Xi Wu, Tianqi Li, Qicheng Lao, Yingyu Liang, Somesh Jha. "Towards Adversarial Robustness via Transductive Learning." arXiv (2021)

« Previous Showing results 1 — 15 out of 13,756 results