
Impact of Attention on Adversarial Robustness of Image Classification Models [article]

Prachi Agrawal, Narinder Singh Punn, Sanjay Kumar Sonbhadra, Sonali Agarwal
2021 arXiv pre-print
In contrast to the datasets with fewer classes, attention based models are observed to show better robustness towards classification.  ...  Adversarial attacks against deep learning models have gained significant attention and recent works have proposed explanations for the existence of adversarial examples and techniques to defend the models  ...  ACKNOWLEDGMENT We thank our institute, Indian Institute of Information Technology Allahabad (IIITA), India and Big Data Analytics (BDA) lab for allocating the centralised computing facility and other necessary  ... 
arXiv:2109.00936v1 fatcat:6g27hqf2zfdgdctjsqqd6ju6d4

Guided Diffusion Model for Adversarial Purification from Random Noise [article]

Quanlin Wu, Hang Ye, Yuntian Gu
2022 arXiv pre-print
We first explore the essential correlations between unguided diffusion models and randomized smoothing, enabling us to apply the models to certified robustness.  ...  In this paper, we propose a novel guided diffusion purification approach to provide a strong defense against adversarial attacks.  ...  Pixeldefend: Leveraging generative models to understand and defend against adversarial examples. arXiv preprint arXiv:1710.10766, 2017. [16] C. Szegedy, W. Zaremba, I. Sutskever, J.  ... 
arXiv:2206.10875v1 fatcat:o5yki5bbr5aotjg7vwen7esfrq

Certified Robustness Against Natural Language Attacks by Causal Intervention [article]

Haiteng Zhao, Chang Ma, Xinshuai Dong, Anh Tuan Luu, Zhi-Hong Deng, Hanwang Zhang
2022 arXiv pre-print
For example, on YELP, CISS surpasses the runner-up by 6.7% in terms of certified robustness against word substitutions, and achieves 79.4% empirical robustness when syntactic attacks are integrated.  ...  Deep learning models have achieved great success in many fields, yet they are vulnerable to adversarial examples.  ...  We are interested in a classifier q(y|x) that is robust against adversarial examples.  ... 
arXiv:2205.12331v2 fatcat:7eshbkhldzdy3bh42boxnsgddq

Towards Adversarial Patch Analysis and Certified Defense against Crowd Counting [article]

Qiming Wu, Zhikang Zou, Pan Zhou, Xiaoqing Ye, Binghui Wang, Ang Li
2021 arXiv pre-print
To better enhance the adversarial robustness of crowd counting models, we propose the first regression model-based Randomized Ablation (RA), which is more sufficient than Adversarial Training (ADT) (Mean  ...  Absolute Error of RA is 5 lower than ADT on clean samples and 30 lower than ADT on adversarial examples).  ...  ACKNOWLEDGMENTS This work is supported by National Natural Science Foundation of China (NSFC) under grant no. 61972448. (Corresponding author: Pan Zhou).  ... 
arXiv:2104.10868v2 fatcat:w7n557tdbndbdoubykn27c3qna

On the Adversarial Robustness of Vision Transformers [article]

Rulin Shao, Zhouxing Shi, Jinfeng Yi, Pin-Yu Chen, Cho-Jui Hsieh
2021 arXiv pre-print
cost of adversarial robustness. 3) Increasing the proportion of transformers in the model structure (when the model consists of both transformer and CNN blocks) leads to better robustness.  ...  though it is critical for training ViTs. 5) Adversarial training is also applicable to ViT for training robust models.  ...  While ViT and its variants hold promise toward a unified machine learning paradigm and architecture applicable to different data modalities, it remains unclear on the robustness of ViT against adversarial  ... 
arXiv:2103.15670v2 fatcat:5l7egwjp5zf7jnzmjp6zmhzofa

Adversarial Logit Pairing [article]

Harini Kannan, Alexey Kurakin, Ian Goodfellow
2018 arXiv pre-print
In this paper, we develop improved techniques for defending against adversarial examples at scale.  ...  When applied to clean examples and their adversarial counterparts, logit pairing improves accuracy on adversarial examples over vanilla adversarial training; we also find that logit pairing on clean examples  ...  Acknowledgements We thank Tom Brown for helpful feedback on drafts of this article.  ... 
arXiv:1803.06373v1 fatcat:7k6sv6623fbnfmyvl33ajhpjqm

Certified Robustness to Text Adversarial Attacks by Randomized [MASK] [article]

Jiehang Zeng, Xiaoqing Zheng, Jianhan Xu, Linyang Li, Liping Yuan, Xuanjing Huang
2021 arXiv pre-print
Recently, few certified defense methods have been developed to provably guarantee the robustness of a text classifier to adversarial synonym substitutions.  ...  We can certify the classifications of over 50% texts to be robust to any perturbation of 5 words on AGNEWS, and 2 words on SST2 dataset.  ...  This work was supported by Shanghai Municipal Science and Technology Major Project (No. 2021SHZDZX0103), National Science Foundation of China (No. 62076068) and Zhangjiang Lab.  ... 
arXiv:2105.03743v3 fatcat:c7vp7qc5pba25omiivatwbhoam

A Simple Fine-tuning Is All You Need: Towards Robust Deep Learning Via Adversarial Fine-tuning [article]

Ahmadreza Jeddi, Mohammad Javad Shafiee, Alexander Wong
2020 arXiv pre-print
While the effect of factors such as model capacity and scale of training data on adversarial robustness has been extensively studied, little attention has been paid to the effect of a very important parameter  ...  train a model from scratch but can instead simply adversarially fine-tune a pre-trained model.  ...  Progress has been made in this area; especially, some recent works [5, 11, 16, 19] have offered some levels of certified robustness against adversarial examples.  ... 
arXiv:2012.13628v1 fatcat:yjoknboeqzgr7mwhxweinhenhy

A survey in Adversarial Defences and Robustness in NLP [article]

Shreya Goyal, Sumanth Doddapaneni, Mitesh M. Khapra, Balaraman Ravindran
2022 arXiv pre-print
In contrast with image data, generating adversarial attacks and defending these models is not easy in NLP because of the discrete nature of the text data.  ...  In recent years, it has been seen that deep neural networks are lacking robustness and are likely to break in case of adversarial perturbations in input data.  ...  other variants. • Better evaluation metrics: The current evaluation of robustness against adversarial attacks for NLP models is based on the performance metrics of the actual model, i.e. accuracy, precision-recall  ... 
arXiv:2203.06414v2 fatcat:2ukd44px35e7ppskzkaprfw4ha

Certified Robustness to Adversarial Word Substitutions

Robin Jia, Aditi Raghunathan, Kerem Göksel, Percy Liang
2019 Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP)
To evaluate models' robustness to these transformations, we measure accuracy on adversarially chosen word substitutions applied to test examples.  ...  In comparison, on IMDB, models trained normally and ones trained with data augmentation achieve adversarial accuracy of only 8% and 35%, respectively.  ...  We thank Allen Nie for providing the pre-trained language model, and thank Peng Qi, Urvashi Khandelwal, Shiori Sagawa, and the anonymous reviewers for their helpful comments.  ... 
doi:10.18653/v1/d19-1423 dblp:conf/emnlp/JiaRGL19 fatcat:225qnek6srbohbkeoe6fb2kimi

Adversarial Patch Attacks and Defences in Vision-Based Tasks: A Survey [article]

Abhijith Sharma, Yijun Bian, Phil Munz, Apurva Narayan
2022 arXiv pre-print
Adversarial attacks in deep learning models, especially for safety-critical systems, are gaining more and more attention in recent years, due to the lack of trust in the security and robustness of AI models  ...  We also discuss existing techniques for developing detection and defences against adversarial patches, aiming to help the community better understand this field and its applications in the real world.  ...  Despite the limitations of time cost, certified defences are the first step towards the ultimate robustness in deep learning based vision systems.  ... 
arXiv:2206.08304v1 fatcat:77ok6helcffp3fmprwdbqukfzm

Opportunities and Challenges in Deep Learning Adversarial Robustness: A Survey [article]

Samuel Henrique Silva, Peyman Najafirad
2020 arXiv pre-print
We survey the most recent and important results in adversarial example generation, defense mechanisms with adversarial (re)Training as their main defense against perturbations.  ...  This paper studies strategies to implement adversary robustly trained algorithms towards guaranteeing safety in machine learning algorithms.  ...  Opposed, DNN models which were adversarially trained tend to have a bias in favor of a global understanding of the features.  ... 
arXiv:2007.00753v2 fatcat:6xjcd5kinzeevleev26jpj4mym

Backdoor Learning: A Survey [article]

Yiming Li, Yong Jiang, Zhifeng Li, Shu-Tao Xia
2022 arXiv pre-print
This threat could happen when the training process is not fully controlled, such as training on third-party datasets or adopting third-party models, which poses a new and realistic threat.  ...  A curated list of backdoor-related resources is also available at .  ...  ACKNOWLEDGEMENTS This work was partly done when Yiming Li was a research intern at Tencent AI Lab, supported by the Tencent Rhino-Bird Elite Training Program (2020).  ... 
arXiv:2007.08745v5 fatcat:5vffxzvh7bdb5nz7qlrytssowi

Efficient Robust Training via Backward Smoothing [article]

Jinghui Chen, Yu Cheng, Zhe Gan, Quanquan Gu, Jingjing Liu
2021 arXiv pre-print
Adversarial training is so far the most effective strategy in defending against adversarial examples.  ...  In this work, we develop a new understanding towards Fast Adversarial Training, by viewing random initialization as performing randomized smoothing for better optimization of the inner maximization problem  ...  However, they are later shown by as not truly robust. Adversarial training (Madry et al., 2018) is the first effective method towards defending against adversarial examples.  ... 
arXiv:2010.01278v2 fatcat:n37wp24blnfypalaqfxxzdv6ia

Does Robustness Improve Fairness? Approaching Fairness with Word Substitution Robustness Methods for Text Classification [article]

Yada Pruksachatkun, Satyapriya Krishna, Jwala Dhamala, Rahul Gupta, Kai-Wei Chang
2021 arXiv pre-print
Separately, certified word substitution robustness methods have been developed to decrease the impact of spurious features and synonym substitutions on model predictions.  ...  We observe that certified robustness methods improve fairness, and using both robustness and bias mitigation methods in training results in an improvement in both fronts  ...  Empirical Study on the Connection between Fairness and Robustness To better understand the connection between fairness and certified robustness in the context of text classification, we empirically analyze  ... 
arXiv:2106.10826v1 fatcat:fhgqzd2ssngn3d4ok4oc7gr6ui