Regularized Ensembles and Transferability in Adversarial Learning

12/05/2018
by Yifan Chen, et al.

Despite the considerable success of convolutional neural networks in a broad array of domains, recent research has shown them to be vulnerable to small adversarial perturbations, commonly known as adversarial examples. Moreover, such examples have been shown to be remarkably portable, or transferable, from one model to another, enabling highly successful black-box attacks. We explore this issue of transferability and robustness from two dimensions: first, considering the impact of conventional l_p regularization as well as replacing the top layer with a linear support vector machine (SVM), and second, the value of combining regularized models into an ensemble. We show that models trained with different regularizers present barriers to transferability, as does partial information about the models comprising the ensemble.


