Toward Efficient Robust Training against Union of ℓ_p Threat Models
Nov 28, 2022
Speakers
Gaurang Sriramanan
Speaker · 1 follower
Maharshi Gor
Speaker · 1 follower
Soheil Feizi
Speaker · 2 followers
About
The overwhelming vulnerability of deep neural networks to carefully crafted perturbations known as adversarial attacks has led to the development of various training techniques to produce robust models. While the primary focus of existing approaches has been directed toward addressing the worst-case performance achieved under a single-threat model, it is imperative that safety-critical systems are robust with respect to multiple threat models simultaneously. Existing approaches that address worst-case performance under the union of such threat models (ℓ_∞, ℓ_2, ℓ_1) either utilize adversarial training methods that require multi-step attacks which are computationally expensive in practice, or rely upon fine-tuning of pre-trained models that are robust with respect to a single-threat model. In this work, we show that by carefully choosing the objective function used for robust training, it is possible to achieve similar, or improved worst-case performance over a union of threat models while utilizing only single-step attacks, thereby achieving a significant reduction in computational resources necessary for training. Furthermore, prior work showed that adversarial training specific to the ℓ_1 threat model is relatively difficult, to the extent that even multi-step adversarially trained models were shown to be prone to gradient-masking. However, the proposed method—when applied on the ℓ_1 threat model specifically—enables us to obtain the first ℓ_1 robust model trained solely with single-step adversaries. Finally, to demonstrate the merits of our approach, we utilize a modern set of attack evaluations to better estimate the worst-case performance under the considered union of threat models.The overwhelming vulnerability of deep neural networks to carefully crafted perturbations known as adversarial attacks has led to the development of various training techniques to produce robust models. While the primary focus of existing approaches has been directed toward addressing the worst-case performance achieved under a single-threat model, it is imperative that safety-critical systems are robust with respect to multiple threat models simultaneously. Existing approaches that address wors…
Organizer
NeurIPS 2022
Account · 957 followers
Like the format? Trust SlidesLive to capture your next event!
Professional recording and live streaming, delivered globally.
Sharing
Recommended Videos
Presentations on similar topic, category or speaker
An Unsupervised Learning Perspective on the Dynamic Contribution to Extreme Precipitation Changes
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Bi-derectional Weakly Supervised Knowledge Distillation for Whole Slide Image Classification
Watch later
Linhao Qu, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Active Bayesian Causal Inference: A Bayesian Active Learning Framework for Integrated Causal Discovery and Reasoning
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Causal Analysis of the TOPCAT Trial: Spironolactone for Preserved Cardiac Function Heart Failure
Watch later
Total of 1 viewers voted for saving the presentation to eternal vault which is 0.1%
A Coupled Design of Exploiting Record Similarity for Vertical Federated Learning
Watch later
Zhaomin Wu, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Large Language Models Still Can't Plan (A Benchmark for LLMs on Planning and Reasoning about Change)
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%