Knowledge Enhanced Machine Learning Pipeline against Diverse Adversarial Attacks
Nezihe Merve Gürel, Xiangyu Qi, Luka Rimanic, Ce Zhang, Bo Li

TL;DR
This paper introduces KEMLP, a novel machine learning pipeline that incorporates domain knowledge into DNNs using probabilistic graphical models, significantly improving robustness against various adversarial attacks while maintaining accuracy.
Contribution
The work presents a new framework integrating domain knowledge with DNNs via logic rules and probabilistic models, enhancing adversarial robustness.
Findings
KEMLP outperforms adversarial training in robustness.
It maintains high accuracy on clean data.
It is effective against multiple attack types.
Abstract
Despite the great successes achieved by deep neural networks (DNNs), recent studies show that they are vulnerable to adversarial examples, which aim to mislead DNNs by adding small adversarial perturbations. Several defenses have been proposed against such attacks, but many of them have since been broken by adaptive attacks. In this work, we aim to enhance ML robustness from a different perspective by leveraging domain knowledge: we propose a Knowledge Enhanced Machine Learning Pipeline (KEMLP) to integrate domain knowledge (i.e., logic relationships among different predictions) into a probabilistic graphical model via first-order logic rules. In particular, we develop KEMLP by integrating a diverse set of weak auxiliary models based on their logical relationships to the main DNN model that performs the target task. Theoretically, we provide convergence results and prove that, under mild…
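The abstract describes the mechanism only in outline: weak auxiliary models tied to the main DNN through first-order logic rules inside a probabilistic graphical model. The block below is an added toy illustration of that idea, written for this page; it is not the authors' code or their KEMLP implementation, and it does not reproduce the paper's rule types, weighting scheme or datasets. Everything in it is a constructed assumption: a four-class traffic-sign label space, four auxiliary attribute detectors, rules of the form "attribute holds iff the label is in a given set", rule weights set to the log-odds of each model's assumed reliability, and exact inference by enumerating the label. A final helper, min_aux_flips, counts how many auxiliary outputs an adversary who has already flipped the main prediction must also flip, consistently, before the pipeline accepts a target label; that is the practitioner's check on how much harder the combined model is to attack than the main DNN alone.

```python
"""Toy KEMLP-style inference: a main classifier plus weak auxiliary models,
combined through weighted first-order rules and exact inference over the label.
Added illustration with constructed data; not the authors' implementation."""

import itertools
import math
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Constructed toy label space (assumption, not taken from the paper).
CLASSES: List[str] = ["stop", "yield", "speed_limit", "no_entry"]


def logit(p: float) -> float:
    """Rule weight = log-odds of the model's assumed reliability (assumption)."""
    return math.log(p / (1.0 - p))


@dataclass(frozen=True)
class Rule:
    """Rule 'attr(x) <=> label(x) in classes', backed by one auxiliary detector."""
    attr: str
    classes: FrozenSet[str]
    reliability: float  # assumed accuracy of the auxiliary detector (constructed)

    @property
    def weight(self) -> float:
        return logit(self.reliability)

    def satisfied(self, label: str, attr_pred: int) -> bool:
        # The rule holds for a candidate label when the detector's 0/1 output
        # agrees with whether that label is in the rule's class set.
        return bool(attr_pred) == (label in self.classes)


# Constructed auxiliary models and their logical links to the label.
RULES: List[Rule] = [
    Rule("octagon", frozenset({"stop"}), 0.90),
    Rule("red", frozenset({"stop", "yield", "no_entry"}), 0.80),
    Rule("digits", frozenset({"speed_limit"}), 0.85),
    Rule("triangle", frozenset({"yield"}), 0.80),
]
MAIN_RELIABILITY = 0.95  # assumed clean accuracy of the main DNN (constructed)


def log_scores(main_pred: str, aux_preds: Dict[str, int],
               rules: List[Rule] = RULES,
               main_reliability: float = MAIN_RELIABILITY) -> Dict[str, float]:
    """Unnormalised log-potential of each candidate label.

    The main model's hard prediction is just one more weighted factor, and its
    weight is fixed by assumed reliability, so an adversarially inflated softmax
    cannot buy it extra influence. Every rule whose clause is satisfied by the
    candidate label adds its weight (Markov-logic-style scoring).
    """
    scores: Dict[str, float] = {}
    for y in CLASSES:
        s = logit(main_reliability) if y == main_pred else 0.0
        s += sum(r.weight for r in rules if r.satisfied(y, aux_preds[r.attr]))
        scores[y] = s
    return scores


def posterior(main_pred: str, aux_preds: Dict[str, int],
              rules: List[Rule] = RULES,
              main_reliability: float = MAIN_RELIABILITY) -> Dict[str, float]:
    """Exact posterior over the label: softmax of the log-potentials."""
    s = log_scores(main_pred, aux_preds, rules, main_reliability)
    top = max(s.values())
    z = sum(math.exp(v - top) for v in s.values())
    return {y: math.exp(v - top) / z for y, v in s.items()}


def predict(main_pred: str, aux_preds: Dict[str, int],
            rules: List[Rule] = RULES,
            main_reliability: float = MAIN_RELIABILITY) -> str:
    """MAP label of the combined pipeline."""
    p = posterior(main_pred, aux_preds, rules, main_reliability)
    return max(CLASSES, key=p.__getitem__)


def min_aux_flips(target: str, main_pred: str, aux_preds: Dict[str, int],
                  rules: List[Rule] = RULES) -> Optional[int]:
    """Smallest number of auxiliary outputs an attacker who already controls the
    main prediction must also flip for `target` to become the pipeline's output.
    Brute force over subsets; fine for a handful of auxiliary models."""
    attrs = [r.attr for r in rules]
    for k in range(len(attrs) + 1):
        for subset in itertools.combinations(attrs, k):
            flipped = dict(aux_preds)
            for a in subset:
                flipped[a] = 1 - flipped[a]
            if predict(main_pred, flipped, rules) == target:
                return k
    return None


# Constructed auxiliary observations for a clean stop-sign image.
CLEAN_AUX = {"octagon": 1, "red": 1, "digits": 0, "triangle": 0}

if __name__ == "__main__":
    print("clean:", predict("stop", CLEAN_AUX))
    print("main model flipped only:", predict("speed_limit", CLEAN_AUX))
    consistent = {"octagon": 0, "red": 0, "digits": 1, "triangle": 0}
    print("main + consistently fooled aux:", predict("speed_limit", consistent))
    print("aux flips needed to force speed_limit:",
          min_aux_flips("speed_limit", "speed_limit", CLEAN_AUX))
```

With these constructed weights, a perturbation that flips only the main DNN from stop to speed_limit is overruled, because every auxiliary rule still votes for stop; the attacker has to fool the main model and at least one auxiliary detector in a logically consistent way before the pipeline follows. The brute-force counter is the quantity to watch when choosing which auxiliary models to add: rules that are highly specific to one class (like "digits" here) are also the cheapest for an attacker to exploit once fooled.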
Taxonomy
Topics: Adversarial Robustness in Machine Learning
