Voting based ensemble improves robustness of defensive models

by Devvrit, et al.

Developing robust models against adversarial perturbations has been an active area of research, and many algorithms have been proposed to train individual robust models. Taking these pretrained robust models, we aim to study whether it is possible to create an ensemble to further improve robustness. Several previous attempts tackled this problem by ensembling soft-label predictions and have been proven vulnerable to the latest attack methods. In this paper, we show that if the robust training loss is diverse enough, a simple hard-label based voting ensemble can boost the robust error over each individual model. Furthermore, given a pool of robust models, we develop a principled way to select which models to ensemble. Finally, to verify the improved robustness, we conduct extensive experiments to study how to attack a voting-based ensemble and develop several new white-box attacks. On the CIFAR-10 dataset, by ensembling several state-of-the-art pre-trained defense models, our method can achieve a 59.8 defensive models without using additional data.



