Robustness-via-Synthesis: Robust Training with Generative Adversarial Perturbations

08/22/2021
by Inci M. Baytas, et al.

Since the discovery of adversarial attacks, robust models have become obligatory for deep learning-based systems. Adversarial training with first-order attacks has been one of the most effective defenses against adversarial perturbations to this day. The majority of adversarial training approaches focus on iteratively perturbing each pixel with the gradient of the loss function with respect to the input image. However, adversarial training with gradient-based attacks lacks diversity and does not generalize well to natural images and to various attacks. This study presents a robust training algorithm in which the adversarial perturbations are automatically synthesized from a random vector by a generator network. The classifier is trained with a cross-entropy loss regularized with the optimal transport distance between the representations of the natural and the synthesized adversarial samples. Unlike prevailing generative defenses, the proposed one-step attack generation framework synthesizes diverse perturbations without utilizing the gradient of the classifier's loss. Experimental results show that the proposed approach attains robustness comparable to various gradient-based and generative robust training techniques on the CIFAR10, CIFAR100, and SVHN datasets. In addition, compared to the baselines, the proposed robust training framework generalizes well to natural samples. Code and trained models will be made publicly available.
