Causal Information Bottleneck Boosts Adversarial Robustness of Deep Neural Network

10/25/2022
by Huan Hua, et al.

The information bottleneck (IB) method is a feasible defense against adversarial attacks in deep learning. However, this method suffers from spurious correlation, which limits further improvement of its adversarial robustness. In this paper, we incorporate causal inference into the IB framework to alleviate this problem. Specifically, we divide the features obtained by the IB method into robust features (content information) and non-robust features (style information), using instrumental variables to estimate the causal effects. With this framework, the influence of non-robust features can be mitigated to strengthen adversarial robustness. We analyze the effectiveness of our proposed method. Extensive experiments on MNIST, FashionMNIST, and CIFAR-10 show that our method exhibits considerable robustness against multiple adversarial attacks. Our code will be released.

research
06/04/2021

Revisiting Hilbert-Schmidt Information Bottleneck for Adversarial Robustness

We investigate the HSIC (Hilbert-Schmidt independence criterion) bottlen...
research
06/11/2021

Adversarial Robustness through the Lens of Causality

The adversarial vulnerability of deep neural networks has attracted sign...
research
06/11/2022

Improving the Adversarial Robustness of NLP Models by Information Bottleneck

Existing studies have demonstrated that adversarial examples can be dire...
research
08/21/2023

Measuring the Effect of Causal Disentanglement on the Adversarial Robustness of Neural Network Models

Causal Neural Network models have shown high levels of robustness to adv...
research
05/25/2023

IDEA: Invariant Causal Defense for Graph Adversarial Robustness

Graph neural networks (GNNs) have achieved remarkable success in various...
research
08/12/2020

Defending Adversarial Examples via DNN Bottleneck Reinforcement

This paper presents a DNN bottleneck reinforcement scheme to alleviate t...
research
06/17/2021

Adversarial Visual Robustness by Causal Intervention

Adversarial training is the de facto most promising defense against adve...
