Thomas Tanay scite author profile

Deep neural networks have been shown to suffer from a surprising weakness: their classification outputs can be changed by small, non-random perturbations of their inputs. This adversarial example phenomenon has been explained as originating from deep networks being "too linear" (Goodfellow et al., 2014). We show here that the linear explanation of adversarial examples presents a number of limitations: the formal argument is not convincing; linear classifiers do not always suffer from the phenomenon, and when they do their adversarial examples are different from the ones affecting deep networks.We propose a new perspective on the phenomenon. We argue that adversarial examples exist when the classification boundary lies close to the submanifold of sampled data, and present a mathematical analysis of this new perspective in the linear case. We define the notion of adversarial strength and show that it can be reduced to the deviation angle between the classifier considered and the nearest centroid classifier. Then, we show that the adversarial strength can be made arbitrarily high independently of the classification performance due to a mechanism that we call boundary tilting. This result leads us to defining a new taxonomy of adversarial examples. Finally, we show that the adversarial strength observed in practice is directly dependent on the level of regularisation used and the strongest adversarial examples, symptomatic of overfitting, can be avoided by using a proper level of regularisation.

show abstract

NTIRE 2020 Challenge on Real Image Denoising: Dataset, Methods and Results

Abdelhamed¹,

Afifi²,

Timofte³

et al. 2020

View full text Add to dashboard Cite

NTIRE 2021 Challenge on Quality Enhancement of Compressed Video: Methods and Results

Yang

Timofte

Liu

et al. 2021

View full text Add to dashboard Cite

This paper reviews the NTIRE 2022 Challenge on Super-Resolution and Quality Enhancement of Compressed Video. In this challenge, we proposed the LDV 2.0 dataset, which includes the LDV dataset (240 videos) and 95 additional videos. This challenge includes three tracks. Track 1 aims at enhancing the videos compressed by HEVC at a fixed QP. Track 2 and Track 3 target both the superresolution and quality enhancement of HEVC compressed video. They require x2 and x4 super-resolution, respectively. The three tracks totally attract more than 600 registrations. In the test phase, 8 teams, 8 teams and 12 teams submitted the final results to Tracks 1, 2 and 3, respectively. The proposed methods and solutions gauge the state-of-the-art of super-resolution and quality enhancement of compressed video. The proposed LDV 2.0 dataset is available at https://github.com/RenYanghome/LDV_dataset. The homepage of this challenge (including open-sourced codes) is at https://github. com/RenYang-home/NTIRE22_VEnh_SR.

show abstract

Batch Normalization is a Cause of Adversarial Vulnerability

Galloway¹,

Голубева²,

Tanay³

et al. 2019

Preprint

View full text Add to dashboard Cite

Batch normalization (batch norm) is often used in an attempt to stabilize and accelerate training in deep neural networks. In many cases it indeed decreases the number of parameter updates required to achieve low training error. However, it also reduces robustness to small adversarial input perturbations and noise by double-digit percentages, as we show on five standard datasets. Furthermore, substituting weight decay for batch norm is sufficient to nullify the relationship between adversarial vulnerability and the input dimension. Our work is consistent with a mean-field analysis that found that batch norm causes exploding gradients.

show abstract

NTIRE 2020 Challenge on Real Image Denoising: Dataset, Methods and Results

Abdelhamed¹,

Afifi²,

Timofte³

et al. 2020

Preprint

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Thomas Tanay

A Boundary Tilting Persepective on the Phenomenon of Adversarial Examples

NTIRE 2020 Challenge on Real Image Denoising: Dataset, Methods and Results

NTIRE 2021 Challenge on Quality Enhancement of Compressed Video: Methods and Results

Batch Normalization is a Cause of Adversarial Vulnerability

NTIRE 2020 Challenge on Real Image Denoising: Dataset, Methods and Results

Contact Info

Product

Resources

About