Mitigating Adversarial Vulnerability through Causal Parameter Estimation by Adversarial Double Machine Learning
Byung-Kwan Lee, Junho Kim, Yong Man Ro

TL;DR
This paper introduces a causal inference method called Adversarial Double Machine Learning (ADML) to quantify and mitigate adversarial vulnerabilities in neural networks, improving robustness across various architectures.
Contribution
The paper proposes a novel causal approach, ADML, that directly estimates adversarial vulnerability and enhances robustness beyond existing defense methods.
Findings
ADML significantly improves adversarial robustness across CNN and Transformer models.
It effectively quantifies the degree of vulnerability for different network predictions.
The approach reduces the impact of adversarial perturbations, leading to more resilient models.
Abstract
Adversarial examples derived from deliberately crafted perturbations on visual inputs can easily harm the decision process of deep neural networks. To prevent potential threats, various adversarial training-based defense methods have grown rapidly and become a de facto standard approach for robustness. Despite recent competitive achievements, we observe that adversarial vulnerability varies across targets and that certain vulnerabilities remain prevalent. Intriguingly, such a peculiar phenomenon cannot be relieved even with deeper architectures and advanced defense methods. To address this issue, in this paper, we introduce a causal approach called Adversarial Double Machine Learning (ADML), which allows us to quantify the degree of adversarial vulnerability for network predictions and capture the effect of treatments on outcomes of interest. ADML can directly estimate the causal parameter of…
Taxonomy
Topics: Adversarial Robustness in Machine Learning
Methods: Multi-Head Attention · Attention Is All You Need · Linear Layer · Byte Pair Encoding · Position-Wise Feed-Forward Layer · Softmax · Label Smoothing · Residual Connection · Absolute Position Encodings · Adam
