Improving Adversarial Robustness by Enforcing Local and Global Compactness

Bui, Anh; Le, Trung; He, Zuyuan; Montague, Paul; deVel, Olivier; Abraham, Tamas; Phung, Dinh

doi:10.48550/arxiv.2007.05123

Cited by 2 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The experiments are conducted on the CIFAR10 and CIFAR100 datasets. The comparison on Tables (4,5,6) shows that our ASCL method significantly improves both adversarial training based models by around 4% to 5% robust accuracy. Moreover, our ASCL also outperforms the ADR method by around 1% to 2% with ResNet20 and 2.6% with ResNet50.…”

Section: Robustness Evaluationmentioning

confidence: 97%

“…We apply the two versions, ASCL and Leaked-ASCL, as a regularization on top of two adversarial training methods, PGD adversarial training (ADV) [22] and TRADES [36]. We compare our methods with ADR which is the state-ofthe-art regularization technique as proposed in [4]. The experiments are conducted on the CIFAR10 and CIFAR100 datasets.…”

Section: Robustness Evaluationmentioning

confidence: 99%

“…Among them, the adversarial training methods (e.g, FGSM, PGD adversarial training [13,22] and TRADES [36] that utilize adversarial examples as training data, have been one of the most effective approaches, which truly boost the model robustness without the facing the problem of obfuscated gradients [3]. In adversarial training, recent works [34,4] show that reducing the divergence of the representations of images and their adversarial examples in latent space (e.g., the feature space output from an intermediate layer of a classifier) can significantly improve the robustness. For example, in [4], latent representations of images in the same class are pulled closer together than those in different classes, which led to a more compact latent space and consequently, better robustness.…”

Section: Introductionmentioning

confidence: 99%

“…In adversarial training, recent works [34,4] show that reducing the divergence of the representations of images and their adversarial examples in latent space (e.g., the feature space output from an intermediate layer of a classifier) can significantly improve the robustness. For example, in [4], latent representations of images in the same class are pulled closer together than those in different classes, which led to a more compact latent space and consequently, better robustness.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Understanding and Achieving Efficient Robustness with Adversarial Supervised Contrastive Learning

Bui¹,

Le²,

He³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Contrastive learning (CL) has recently emerged as an effective approach to learning representation in a range of downstream tasks. Central to this approach is the selection of positive (similar) and negative (dissimilar) sets to provide the model the opportunity to 'contrast' between data and class representation in the latent space. In this paper, we investigate CL for improving model robustness using adversarial samples. We first designed and performed a comprehensive study to understand how adversarial vulnerability behaves in the latent space. Based on these empirical evidences, we propose an effective and efficient supervised contrastive learning to achieve model robustness against adversarial attacks. Moreover, we propose a new sample selection strategy that optimizes the positive/negative sets by removing redundancy and improving correlation with the anchor. Experiments conducted on benchmark datasets show that our Adversarial Supervised Contrastive Learning (ASCL) approach outperforms the state-of-the-art defenses by 2.6% in terms of the robust accuracy, whilst our ASCL with the proposed selection strategy can further gain 1.4% improvement with only 42.8% positives and 6.3% negatives compared with ASCL without a selection strategy. 1

show abstract

Section: Robustness Evaluationmentioning

confidence: 97%

Section: Robustness Evaluationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Understanding and Achieving Efficient Robustness with Adversarial Supervised Contrastive Learning

Bui¹,

Le²,

He³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Many ADV's variants have been developed including but not limited to: (1) difference in the choice of adversarial examples, e.g., the worst-case examples (I. J. Goodfellow, Shlens, and Szegedy, 2015) or most divergent examples (Hongyang Zhang et al, 2019), (2) difference in the searching of adversarial examples, e.g., non-iterative FGSM, Rand FGSM with random initial point or PGD with multiple iterative gradient descent steps (Madry et al, 2018;Shafahi et al, 2019), (3) difference in additional regularizations, e.g., adding constraints in the latent space (Haichao Zhang and Wang, 2019;Bui et al, 2020), (4) difference in model architecture, e.g., activation function (Xie et al, 2020) or ensemble models (Pang, Xu, et al, 2019).…”

Section: Adversarial Trainingmentioning

confidence: 99%

Improving Ensemble Robustness by Collaboratively Promoting and Demoting Adversarial Robustness

Bui¹,

Le²,

He³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Ensemble-based adversarial training is a principled approach to achieve robustness against adversarial attacks. An important technique of this approach is to control the transferability of adversarial examples among ensemble members. We propose in this work a simple yet effective strategy to collaborate among committee models of an ensemble model. This is achieved via the secure and insecure sets defined for each model member on a given sample, hence help us to quantify and regularize the transferability. Consequently, our proposed framework provides the flexibility to reduce the adversarial transferability as well as to promote the diversity of ensemble members, which are two crucial factors for better robustness in our ensemble approach. We conduct extensive and comprehensive experiments to demonstrate that our proposed method outperforms the state-of-the-art ensemble baselines, at the same time can detect a wide range of adversarial examples with a nearly perfect accuracy.

show abstract

Improving Adversarial Robustness by Enforcing Local and Global Compactness

Cited by 2 publications

References 22 publications

Understanding and Achieving Efficient Robustness with Adversarial Supervised Contrastive Learning

Understanding and Achieving Efficient Robustness with Adversarial Supervised Contrastive Learning

Improving Ensemble Robustness by Collaboratively Promoting and Demoting Adversarial Robustness

Contact Info

Product

Resources

About