Search Results for author: Jiefeng Chen

Found 24 papers, 13 papers with code

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training

no code implementations ICML 2018 Xi Wu, Uyeong Jang, Jiefeng Chen, Lingjiao Chen, Somesh Jha

In this paper we study leveraging confidence information induced by adversarial training to reinforce adversarial robustness of a given adversarially trained model.

Adversarial Robustness

ReabsNet: Detecting and Revising Adversarial Examples

no code implementations 21 Dec 2017 Jiefeng Chen, Zihang Meng, Changtian Sun, Wei Tang, Yinglun Zhu

Though deep neural network has hit a huge success in recent studies and applications, it still remains vulnerable to adversarial perturbations which are imperceptible to humans.

General Classification

Towards Understanding Limitations of Pixel Discretization Against Adversarial Attacks

1 code implementation 20 May 2018 Jiefeng Chen, Xi Wu, Vaibhav Rastogi, Yingyu Liang, Somesh Jha

We analyze our results in a theoretical framework and offer strong evidence that pixel discretization is unlikely to work on all but the simplest of the datasets.

Concise Explanations of Neural Networks using Adversarial Training

1 code implementation ICML 2020 Prasad Chalasani, Jiefeng Chen, Amrita Roy Chowdhury, Somesh Jha, Xi Wu

Our first contribution is a theoretical exploration of how these two properties (when using attributions based on Integrated Gradients, or IG) are related to adversarial training, for a class of 1-layer networks (which includes logistic regression models for binary and multi-class classification); for these networks we show that (a) adversarial training using an $\ell_\infty$-bounded adversary produces models with sparse attribution vectors, and (b) natural model-training while encouraging stable explanations (via an extra term in the loss function), is equivalent to adversarial training.

Multi-class Classification

Robust Attribution Regularization

1 code implementation NeurIPS 2019 Jiefeng Chen, Xi Wu, Vaibhav Rastogi, Yingyu Liang, Somesh Jha

An emerging problem in trustworthy machine learning is to train models that produce robust interpretations for their predictions.

AI-GAN: Attack-Inspired Generation of Adversarial Examples

1 code implementation 6 Feb 2020 Tao Bai, Jun Zhao, Jinlin Zhu, Shoudong Han, Jiefeng Chen, Bo Li, Alex Kot

Deep neural networks (DNNs) are vulnerable to adversarial examples, which are crafted by adding imperceptible perturbations to inputs.

GRAPHITE: Generating Automatic Physical Examples for Machine-Learning Attacks on Computer Vision Systems

1 code implementation 17 Feb 2020 Ryan Feng, Neal Mangaokar, Jiefeng Chen, Earlence Fernandes, Somesh Jha, Atul Prakash

We address three key requirements for practical attacks for the real-world: 1) automatically constraining the size and shape of the attack so it can be applied with stickers, 2) transform-robustness, i.e., robustness of an attack to environmental physical variations such as viewpoint and lighting changes, and 3) supporting attacks in not only white-box, but also black-box hard-label scenarios, so that the adversary can attack proprietary models.

BIG-bench Machine Learning General Classification +1

Robust Out-of-distribution Detection for Neural Networks

1 code implementation AAAI Workshop AdvML 2022 Jiefeng Chen, Yixuan Li, Xi Wu, Yingyu Liang, Somesh Jha

Formally, we extensively study the problem of Robust Out-of-Distribution Detection on common OOD detection approaches, and show that state-of-the-art OOD detectors can be easily fooled by adding small perturbations to the in-distribution and OOD inputs.

Out-of-Distribution Detection Out of Distribution (OOD) Detection

Representation Bayesian Risk Decompositions and Multi-Source Domain Adaptation

no code implementations 22 Apr 2020 Xi Wu, Yang Guo, Jiefeng Chen, Yingyu Liang, Somesh Jha, Prasad Chalasani

Recent studies provide hints and failure examples for domain invariant representation learning, a common approach for this problem, but the explanations provided are somewhat different and do not provide a unified picture.

Domain Adaptation Representation Learning

ATOM: Robustifying Out-of-distribution Detection Using Outlier Mining

1 code implementation 26 Jun 2020 Jiefeng Chen, Yixuan Li, Xi Wu, Yingyu Liang, Somesh Jha

We show that, by mining informative auxiliary OOD data, one can significantly improve OOD detection performance, and somewhat surprisingly, generalize to unseen adversarial attacks.

Out-of-Distribution Detection Out of Distribution (OOD) Detection

Informative Outlier Matters: Robustifying Out-of-distribution Detection Using Outlier Mining

no code implementations 28 Sep 2020 Jiefeng Chen, Yixuan Li, Xi Wu, Yingyu Liang, Somesh Jha

We show that, by mining informative auxiliary OOD data, one can significantly improve OOD detection performance, and somewhat surprisingly, generalize to unseen adversarial attacks.

Out-of-Distribution Detection Out of Distribution (OOD) Detection

Test-Time Adaptation and Adversarial Robustness

no code implementations 1 Jan 2021 Xi Wu, Yang Guo, Tianqi Li, Jiefeng Chen, Qicheng Lao, Yingyu Liang, Somesh Jha

On the positive side, we show that, if one is allowed to access the training data, then Domain Adversarial Neural Networks (DANN), an algorithm designed for unsupervised domain adaptation, can provide nontrivial robustness in the test-time maximin threat model against strong transfer attacks and adaptive fixed point attacks.

Adversarial Robustness Test-time Adaptation +1

Towards Adversarial Robustness via Transductive Learning

no code implementations 15 Jun 2021 Jiefeng Chen, Yang Guo, Xi Wu, Tianqi Li, Qicheng Lao, Yingyu Liang, Somesh Jha

Compared to traditional "test-time" defenses, these defense mechanisms "dynamically retrain" the model based on test time input via transductive learning; and theoretically, attacking these defenses boils down to bilevel optimization, which seems to raise the difficulty for adaptive attacks.

Adversarial Robustness Bilevel Optimization +1

Detecting Errors and Estimating Accuracy on Unlabeled Data with Self-training Ensembles

1 code implementation NeurIPS 2021 Jiefeng Chen, Frederick Liu, Besim Avci, Xi Wu, Yingyu Liang, Somesh Jha

This observation leads to two challenging tasks: (1) unsupervised accuracy estimation, which aims to estimate the accuracy of a pre-trained classifier on a set of unlabeled test inputs; (2) error detection, which aims to identify mis-classified test inputs.

Towards Evaluating the Robustness of Neural Networks Learned by Transduction

1 code implementation ICLR 2022 Jiefeng Chen, Xi Wu, Yang Guo, Yingyu Liang, Somesh Jha

There has been emerging interest in using transductive learning for adversarial robustness (Goldwasser et al., NeurIPS 2020; Wu et al., ICML 2020; Wang et al., ArXiv 2021).

Adversarial Robustness Bilevel Optimization +1

Towards Efficiently Evaluating the Robustness of Deep Neural Networks in IoT Systems: A GAN-based Method

no code implementations 19 Nov 2021 Tao Bai, Jun Zhao, Jinlin Zhu, Shoudong Han, Jiefeng Chen, Bo Li, Alex Kot

Through extensive experiments, AI-GAN achieves high attack success rates, outperforming existing methods, and reduces generation time significantly.

Revisiting Adversarial Robustness of Classifiers With a Reject Option

no code implementations AAAI Workshop AdvML 2022 Jiefeng Chen, Jayaram Raghuram, Jihye Choi, Xi Wu, Yingyu Liang, Somesh Jha

Motivated by this metric, we propose novel loss functions and a robust training method -- stratified adversarial training with rejection (SATR) -- for a classifier with reject option, where the goal is to accept and correctly-classify small input perturbations, while allowing the rejection of larger input perturbations that cannot be correctly classified.

Adversarial Robustness Image Classification

Concept-based Explanations for Out-Of-Distribution Detectors

1 code implementation 4 Mar 2022 Jihye Choi, Jayaram Raghuram, Ryan Feng, Jiefeng Chen, Somesh Jha, Atul Prakash

Based on these metrics, we propose an unsupervised framework for learning a set of concepts that satisfy the desired properties of high detection completeness and concept separability, and demonstrate its effectiveness in providing concept-based explanations for diverse off-the-shelf OOD detectors.

Out of Distribution (OOD) Detection

The Trade-off between Universality and Label Efficiency of Representations from Contrastive Learning

1 code implementation 28 Feb 2023 Zhenmei Shi, Jiefeng Chen, Kunyang Li, Jayaram Raghuram, Xi Wu, Yingyu Liang, Somesh Jha

foundation models) has recently become a prevalent learning paradigm, where one first pre-trains a representation using large-scale unlabeled data, and then learns simple predictors on top of the representation using small labeled data from the downstream tasks.

Contrastive Learning

Is forgetting less a good inductive bias for forward transfer?

no code implementations 14 Mar 2023 Jiefeng Chen, Timothy Nguyen, Dilan Gorur, Arslan Chaudhry

We argue that the measure of forward transfer to a task should not be affected by the restrictions placed on the continual learner in order to preserve knowledge of previous tasks.

Continual Learning Image Classification +1

ASPEST: Bridging the Gap Between Active Learning and Selective Prediction

1 code implementation 7 Apr 2023 Jiefeng Chen, Jinsung Yoon, Sayna Ebrahimi, Sercan Arik, Somesh Jha, Tomas Pfister

In this work, we introduce a new learning paradigm, active selective prediction, which aims to query more informative samples from the shifted target domain while increasing accuracy and coverage.

Active Learning

Stratified Adversarial Robustness with Rejection

1 code implementation 2 May 2023 Jiefeng Chen, Jayaram Raghuram, Jihye Choi, Xi Wu, Yingyu Liang, Somesh Jha

We theoretically analyze the stratified rejection setting and propose a novel defense method -- Adversarial Training with Consistent Prediction-based Rejection (CPR) -- for building a robust selective classifier.

Adversarial Robustness Robust classification

Two Heads are Better than One: Towards Better Adversarial Robustness by Combining Transduction and Rejection

no code implementations 27 May 2023 Nils Palumbo, Yang Guo, Xi Wu, Jiefeng Chen, Yingyu Liang, Somesh Jha

Nevertheless, under recent strong adversarial attacks (GMSA, which has been shown to be much more effective than AutoAttack against transduction), Goldwasser et al.'s work was shown to have low performance in a practical deep-learning setting.

Adversarial Robustness

Adaptation with Self-Evaluation to Improve Selective Prediction in LLMs

no code implementations 18 Oct 2023 Jiefeng Chen, Jinsung Yoon, Sayna Ebrahimi, Sercan O Arik, Tomas Pfister, Somesh Jha

Large language models (LLMs) have recently shown great advances in a variety of tasks, including natural language understanding and generation.

Decision Making Natural Language Understanding +1
