Rearchitecting Classification Frameworks For Increased Robustness
Varun Chandrasekaran, Brian Tang, Nicolas Papernot, Kassem Fawaz, Somesh Jha, Xi Wu

TL;DR
This paper proposes a new classification framework that leverages object invariances to improve neural network robustness against adversarial inputs without sacrificing accuracy.
Contribution
It introduces methods to extract and model invariances and designs a classification paradigm that enhances robustness and accuracy simultaneously.
Findings
Invariance-based methods improve robustness to adversarial attacks.
The proposed framework maintains high accuracy on natural inputs.
Experimental results show better robustness-accuracy trade-offs.
Abstract
While generalizing well over natural inputs, neural networks are vulnerable to adversarial inputs. Existing defenses against adversarial inputs have largely been detached from the real world, and they also come at a cost to accuracy. Fortunately, an object has invariances that constitute its salient features; breaking them necessarily changes how the object is perceived. We find that applying these invariants to the classification task makes robustness and accuracy feasible together. Two questions follow: how to extract and model these invariances, and how to design a classification paradigm that leverages them to improve the robustness-accuracy trade-off? The remainder of the paper discusses solutions to the aforementioned questions.
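To make the abstract's argument concrete, the following is an added toy example (constructed for this page, not code from the paper and not its method) of classifying by an invariant rather than by raw pixels. It assumes 8x8 grayscale images of a horizontal or vertical bar, where the invariant is the bar's orientation as read from the image binarised at 0.5, which is what a viewer would see as foreground. The "brittle" raw-pixel scorer, the checkerboard of spurious weights that stands in for non-robust features a learned model picks up, the attack budget `eps`, and all function names are assumptions of this example. The point it demonstrates is the one the abstract makes: a perturbation that does not break the invariant cannot change the invariant-based decision, and that guarantee can be checked (`certified_radius`) rather than hoped for.

```python
"""Constructed toy: invariance-based classification of 8x8 bar images.
Not the paper's method; illustrates the idea in the abstract."""

SIZE = 8
H_ROWS = {3, 4}   # canonical horizontal bar occupies these rows
V_COLS = {3, 4}   # canonical vertical bar occupies these columns


def make_bar(label, offset=3):
    """Binary 8x8 image (row-major list of 64 floats) with a 2-pixel-wide bar.
    'H' fills rows offset, offset+1; 'V' fills columns offset, offset+1."""
    img = [0.0] * (SIZE * SIZE)
    for r in range(SIZE):
        for c in range(SIZE):
            on = (label == "H" and r in (offset, offset + 1)) or \
                 (label == "V" and c in (offset, offset + 1))
            if on:
                img[r * SIZE + c] = 1.0
    return img


def brittle_weights():
    """Linear scorer over raw pixels: positive score -> 'V', otherwise 'H'.
    Bar pixels get template weights +/-1; every background pixel also carries a
    spurious +/-1 weight (a checkerboard, constructed here to mimic the
    non-robust features a learned model picks up). Those spurious weights are
    what let a small per-pixel perturbation add up to a flipped decision."""
    w = [0.0] * (SIZE * SIZE)
    for r in range(SIZE):
        for c in range(SIZE):
            in_h, in_v = r in H_ROWS, c in V_COLS
            if in_h and in_v:
                w[r * SIZE + c] = 0.0
            elif in_h:
                w[r * SIZE + c] = -1.0
            elif in_v:
                w[r * SIZE + c] = 1.0
            else:
                w[r * SIZE + c] = 1.0 if (r + c) % 2 == 0 else -1.0
    return w


W = brittle_weights()


def base_predict(img):
    """Raw-pixel linear classifier (the brittle baseline)."""
    score = sum(x * w for x, w in zip(img, W))
    return "V" if score > 0 else "H"


def invariant_predict(img, threshold=0.5):
    """Invariant-based classifier: binarise at `threshold`, then compare the
    densest row with the densest column. The decision depends only on which
    pixels are above the threshold, not on their exact intensities."""
    binary = [1 if x > threshold else 0 for x in img]
    row_max = max(sum(binary[r * SIZE:(r + 1) * SIZE]) for r in range(SIZE))
    col_max = max(sum(binary[c::SIZE]) for c in range(SIZE))
    return "H" if row_max > col_max else "V"


def certified_radius(img, threshold=0.5):
    """Largest L-inf perturbation that provably leaves invariant_predict
    unchanged: no pixel can cross the threshold unless it moves at least this far."""
    return min(abs(x - threshold) for x in img)


def fgsm_like_attack(img, eps):
    """Move every pixel by eps in the direction that pushes the brittle score
    toward the opposite class (sign of its weight), clipped to [0, 1]."""
    direction = 1.0 if base_predict(img) == "H" else -1.0
    out = []
    for x, w in zip(img, W):
        step = 0.0 if w == 0 else eps * direction * (1 if w > 0 else -1)
        out.append(min(1.0, max(0.0, x + step)))
    return out


def gated_predict(img):
    """One simple way to use the invariant in a pipeline: take the label from
    the invariant and flag inputs on which the raw-pixel model disagrees with it."""
    inv, base = invariant_predict(img), base_predict(img)
    return inv, inv != base


def natural_inputs():
    """Clean bars at every position: natural variation the invariant should survive."""
    return [(make_bar(lab, k), lab) for lab in ("H", "V") for k in range(SIZE - 1)]


def accuracy(predict, samples):
    correct = sum(1 for img, label in samples if predict(img) == label)
    return correct / len(samples)


def demo(eps=0.3):
    """(brittle prediction on the attacked bar, invariant prediction on it,
    certified radius of the clean bar)."""
    clean = make_bar("H")
    adv = fgsm_like_attack(clean, eps)
    return base_predict(adv), invariant_predict(adv), certified_radius(clean)
```

With `eps = 0.3` the attacked horizontal bar is scored as vertical by the raw-pixel model, while no pixel has crossed 0.5, so the binarised image, and hence the invariant-based label, is exactly the clean one; `certified_radius` reports 0.5 for any binary image, so every perturbation below that budget is covered by construction rather than by testing a handful of attacks. Two caveats a practitioner should keep in mind: the disagreement flag from `gated_predict` fires on any input the brittle model gets wrong, including clean bars at unusual positions (`natural_inputs` shows the raw-pixel model misclassifying most of them while the invariant classifier gets all of them), so it signals model disagreement rather than "adversarial" as such; and the guarantee is only as good as the invariant: a perturbation large enough to move pixels across the threshold changes the perceived object itself, which is precisely the abstract's point about breaking a salient feature.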
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
