Parameterizing Activation Functions for Adversarial Robustness

Dai, Sihui; Mahloujifar, Saeed; Mittal, Prateek

doi:10.1109/spw54247.2022.9833884

Cited by 16 publications

(4 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SiLU further improves the accuracy (Table 1 row 16), which echoes the result in [57]. Recently, Dai et al [9] added learnable parameters to original non-parametric functions, and proposed the parametric counterparts, e.g., ReLU to Parametric ReLU (PReLU) and SiLU to Parametric SiLU (PSiLU) or Parametric Shifted SiLU (PSSiLU). These parametric functions outperform the non-parametric ones on CIFAR-10 [28].…”

Section: Block-level Designmentioning

confidence: 66%

“…A huge number of AT variants have been proposed, e.g., TRADES [64], AWP [56], ADT [15], DART [52], MART [53], CAS [4], Max-Margin AT [14], etc. For the robust DNN research, only a few studies explored how architectures affect robustness [13,36,46,48], e.g., depths [60], widths [55] and activation functions [9,57]. However, the total model capacity is unconstrained along with the architecture modifications.…”

Section: Related Workmentioning

confidence: 99%

“…The guidelines present significant new knowledge and discoveries for our computer vision community. For example, we have discovered (1) deepening a network is more effective than widening it, and there is a sweet spot; (2) specific modifications such as adding Squeeze and Excitation (SE) block, removing the first normalization layer in a block, and reducing the downsampling factor in the stem stage effectively boosts robustness; and (3) architecture designs that harm robustness include inverted bottleneck, large dilation factor, Instance Normalization (IN), parametric activation functions [9], and reducing activation layers. • Top performance against strong adversarial attacks.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

RobArch: Designing Robust Architectures against Adversarial Attacks

Peng¹,

Xu²,

Cornelius³

et al. 2023

Preprint

View full text Add to dashboard Cite

Adversarial Training is the most effective approach for improving the robustness of Deep Neural Networks (DNNs). However, compared to the large body of research in optimizing the adversarial training process, there are few investigations into how architecture components affect robustness, and they rarely constrain model capacity. Thus, it is unclear where robustness precisely comes from. In this work, we present the first large-scale systematic study on the robustness of DNN architecture components under fixed parameter budgets. Through our investigation, we distill 18 actionable robust network design guidelines that empower model developers to gain deep insights. We demonstrate these guidelines' effectiveness by introducing the novel Robust Architecture (RobArch) model that instantiates the guidelines to build a family of top-performing models across parameter capacities against strong adversarial attacks. RobArch achieves the new state-of-the-art AutoAttack accuracy on the RobustBench ImageNet leaderboard. The code is available at https://github.com/ShengYun-Peng/RobArch.

show abstract

Section: Block-level Designmentioning

confidence: 66%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

RobArch: Designing Robust Architectures against Adversarial Attacks

Peng¹,

Xu²,

Cornelius³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Self-COnsistent Robust Error (SCORE) [121] employs local equivariance to minimize the robustness error of a network, easing the reconciliation between robustness and accuracy and dealing with worst-case uncertainty. Parametric Shifted Sigmoidal Linear Unit (PSSiLU) [122] changes the activation function to create high finite curvature and output positive results with negative inputs, creating a parameterized activation function, that is used with adversarial training.…”

Section: Change Lossmentioning

confidence: 99%

How Deep Learning Sees the World: A Survey on Adversarial Attacks & Defenses

Costa,

Roxo,

Proença

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Deep Learning is currently used to perform multiple tasks, such as object recognition, face recognition, and natural language processing. However, Deep Neural Networks (DNNs) are vulnerable to perturbations that alter the network prediction, named adversarial examples, which raise concerns regarding the usage of DNNs in critical areas, such as Self-driving Vehicles, Malware Detection, and Healthcare. This paper compiles the most recent adversarial attacks in Object Recognition, grouped by the attacker capacity and knowledge, and modern defenses clustered by protection strategies, providing background details to understand the topic of adversarial attacks and defenses. The new advances regarding Vision Transformers are also presented, which have not been previously done in the literature, showing the resemblance and dissimilarity between this architecture and Convolutional Neural Networks. Furthermore, the most used datasets and metrics in adversarial settings are summarized, along with datasets requiring further evaluation, which is another contribution. This survey compares the state-of-the-art results under different attacks for multiple architectures and compiles all the adversarial attacks and defenses with available code, comprising significant contributions to the literature. Finally, practical applications are discussed, and open issues are identified, being a reference for future works.INDEX TERMS Adversarial attacks, adversarial defenses, datasets, evaluation metrics, review, vision transformers.

show abstract

Improving Adversarial Robustness by Penalizing Natural Accuracy

Chandna

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Parameterizing Activation Functions for Adversarial Robustness

Cited by 16 publications

References 15 publications

RobArch: Designing Robust Architectures against Adversarial Attacks

RobArch: Designing Robust Architectures against Adversarial Attacks

How Deep Learning Sees the World: A Survey on Adversarial Attacks & Defenses

Improving Adversarial Robustness by Penalizing Natural Accuracy

Contact Info

Product

Resources

About