Improved robustness to adversarial examples using Lipschitz   regularization of the loss

Chris Finlay; Adam Oberman; Bilal Abbasi

arXiv:1810.00953·cs.LG·September 16, 2019·23 cites

Improved robustness to adversarial examples using Lipschitz regularization of the loss

Chris Finlay, Adam Oberman, Bilal Abbasi

PDF

Open Access 1 Repo

TL;DR

This paper enhances adversarial training by incorporating Lipschitz regularization, leading to significant robustness improvements and verifiable guarantees against adversarial attacks in image classification.

Contribution

It introduces a novel augmentation of adversarial training with Lipschitz regularization, providing improved robustness and theoretical guarantees.

Findings

01

11% robustness improvement over state-of-the-art in CIFAR-10

02

Verifiable average and worst-case robustness guarantees

03

Interpretation of adversarial training as Total Variation Regularization

Abstract

We augment adversarial training (AT) with worst case adversarial training (WCAT) which improves adversarial robustness by 11% over the current state-of-the-art result in the $ℓ_{2}$ norm on CIFAR-10. We obtain verifiable average case and worst case robustness guarantees, based on the expected and maximum values of the norm of the gradient of the loss. We interpret adversarial training as Total Variation Regularization, which is a fundamental tool in mathematical image processing, and WCAT as Lipschitz regularization.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Code & Models

Repositories

cfinlay/tulip
pytorch

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsAdversarial Robustness in Machine Learning · High-Velocity Impact and Material Behavior · Integrated Circuits and Semiconductor Failure Analysis