Search Results for author:
Found 30 papers, 15 papers with code
Revisiting DeepFool: generalization and improvement
Our proposed attacks are also suitable for evaluating the robustness of large models and can be used to perform adversarial training (AT) to achieve state-of-the-art robustness to minimal l2 adversarial perturbations.
The Enemy of My Enemy is My Friend: Exploring Inverse Adversaries for Improving Adversarial Training
To circumvent this issue, we propose a novel adversarial training scheme that encourages the model to produce similar outputs for an adversarial example and its ``inverse adversarial'' counterpart.
PRIME: A few primitives can boost robustness to common corruptions
Despite their impressive performance on image classification tasks, deep networks have a hard time generalizing to unforeseen corruptions of their data.
Ranked #19 on
Domain Generalization
on ImageNet-C
Vehicle trajectory prediction works, but not everywhere
We further show that the generated scenes (i) are realistic since they do exist in the real world, and (ii) can be used to make existing models more robust, yielding 30-40 reductions in the off-road rate.
Reducing Excessive Margin to Achieve a Better Accuracy vs. Robustness Trade-off
While adversarial training has become the de facto approach for training robust classifiers, it leads to a drop in accuracy.
On the exploitative behavior of adversarial training against adversarial attacks
Adversarial attacks have been developed as intentionally designed perturbations added to the inputs in order to fool deep neural network classifiers.
An evaluation of quality and robustness of smoothed explanations
However, a combination of additive and non-additive attacks can still manipulate these explanations, which reveals shortcomings in their robustness properties.
Are socially-aware trajectory prediction models really socially-aware?
An attack is a small yet carefully-crafted perturbations to fail predictors.
Adversarial training may be a double-edged sword
Adversarial training has been shown as an effective approach to improve the robustness of image classifiers against white-box attacks.
Helper-based Adversarial Training: Reducing Excessive Margin to Achieve a Better Accuracy vs. Robustness Trade-off
While adversarial training has become the de facto approach for training robust classifiers, it leads to a drop in accuracy.
What can linearized neural networks actually say about generalization?
For certain infinitely-wide neural networks, the neural tangent kernel (NTK) theory fully characterizes generalization, but for the networks used in practice, the empirical NTK only provides a rough first-order approximation.
Uniform Convergence, Adversarial Spheres and a Simple Remedy
By considering a specific dataset, it was observed that a neural network completely misclassifies a projection of the training data (adversarial set), rendering any existing generalization bound based on uniform convergence vacuous.
Understanding Catastrophic Overfitting in Adversarial Training
In this paper, we find CO is not only limited to FGSM, but also happens in $\mbox{DF}^{\infty}$-1 adversarial training.
A neural anisotropic view of underspecification in deep learning
In this work, we propose to study this problem from a geometric perspective with the aim to understand two key characteristics of neural network solutions in underspecified settings: how is the geometry of the learned function related to the data representation?
Optimism in the Face of Adversity: Understanding and Improving Deep Learning through Adversarial Robustness
In this article, we provide an in-depth review of the field of adversarial robustness in deep learning, and give a self-contained introduction to its main notions.
Neural Anisotropy Directions
In this work, we analyze the role of the network architecture in shaping the inductive bias of deep classifiers.
GeoDA: a geometric framework for black-box adversarial attacks
We propose a geometric framework to generate adversarial examples in one of the most challenging black-box settings where the adversary can only generate a small number of queries, each of them returning the top-$1$ label of the classifier.
Hold me tight! Influence of discriminative features on deep network boundaries
In this work, we borrow tools from the field of adversarial robustness, and propose a new perspective that relates dataset features to the distance of samples to the decision boundary.
A geometry-inspired decision-based attack
The qFool method can drastically reduce the number of queries compared to previous decision-based attacks while reaching the same quality of adversarial examples.
Robustness via curvature regularization, and vice versa
State-of-the-art classifiers have been shown to be largely vulnerable to adversarial perturbations.
SparseFool: a few pixels make a big difference
Deep Neural Networks have achieved extraordinary results on image classification tasks, but have been shown to be vulnerable to attacks with carefully crafted perturbations of the input data.
Empirical Study of the Topology and Geometry of Deep Networks
We specifically study the topology of classification regions created by deep networks, as well as their associated decision boundary.
Divide, Denoise, and Defend against Adversarial Attacks
Improving the robustness of neural networks against these attacks is important, especially for security-critical applications.
Adaptive Quantization for Deep Neural Network
First, we propose a measurement to estimate the effect of parameter quantization errors in individual layers on the overall model prediction accuracy.
Geometric robustness of deep networks: analysis and improvement
We propose ManiFool as a simple yet scalable algorithm to measure the invariance of deep networks.
Classification regions of deep neural networks
The goal of this paper is to analyze the geometric properties of deep neural network classifiers in the input space.
Robustness of classifiers to universal perturbations: a geometric perspective
Deep networks have recently been shown to be vulnerable to universal perturbations: there exist very small image-agnostic perturbations that cause most natural images to be misclassified by such classifiers.
Universal adversarial perturbations
Given a state-of-the-art deep neural network classifier, we show the existence of a universal (image-agnostic) and very small perturbation vector that causes natural images to be misclassified with high probability.
Robustness of classifiers: from adversarial to random noise
Moreover, we quantify the robustness of classifiers in terms of the subspace dimension in the semi-random noise regime, and show that our bounds remarkably interpolate between the worst-case and random noise regimes.
DeepFool: a simple and accurate method to fool deep neural networks
State-of-the-art deep neural networks have achieved impressive results on many image classification tasks.
