We propose a novel algorithm, Salient Conditional Diffusion (Sancdifi), a state-of-the-art defense against backdoor attacks. Sancdifi uses a denoising diffusion probabilistic model (DDPM) to degrade an image with noise and then recover said image using the learned reverse diffusion. Critically, we compute saliency map-based masks to condition our diffusion, allowing for stronger diffusion on the most salient pixels by the DDPM. As a result, Sancdifi is highly effective at diffusing out triggers in data poisoned by backdoor attacks. At the same time, it reliably recovers salient features when applied to clean data. This performance is achieved without requiring access to the model parameters of the Trojan network, meaning Sancdifi operates as a black-box defense.

The loss landscapes of deep neural networks are not well understood due to their high nonconvexity. Empirically, the local minima of these loss functions can be connected by a learned curve in model space, along which the loss remains nearly constant; a feature known as mode connectivity. Yet, current curve finding algorithms do not consider the influence of symmetry in the loss surface created by model weight permutations. We propose a more general framework to investigate the effect of symmetry on landscape connectivity by accounting for the weight permutations of the networks being connected. To approximate the optimal permutation, we introduce an inexpensive heuristic referred to as neuron alignment. Neuron alignment promotes similarity between the distribution of intermediate activations of models along the curve. We provide theoretical analysis establishing the benefit of alignment to mode connectivity based on this simple heuristic. We empirically verify that the permutation given by alignment is locally optimal via a proximal alternating minimization scheme. Empirically, optimizing the weight permutation is critical for efficiently learning a simple, planar, low-loss curve between networks that successfully generalizes. Our alignment method can significantly alleviate the recently identified robust loss barrier on the path connecting two adversarial robust models and find more robust and accurate models on the path.

Of recent interest in the deep learning community, generative models have proved to be powerful tools for many tasks including synthetic data generation and style transfer [1]. Geometric deep learning is a new field interested in extending such success of deep learning to non-Euclidean structured data [2]. The development of this field is timely given the recent proliferation of point cloud and mesh structured data obtained from sources such as laserscanners [3] and CAD software [4]. Particularly, mesh based convolutional autoencoders (MeshVAEs) are now a popular tool for generating surfaces [5, 6, 7, 8]. These models process a surface via geometric convolutions that respect its intrinsic geometry. With these VAEs achieving state-of-the-art performance on tasks such as reconstruction, more attention is being given towards tasks such as latent space interpretability. Geometric disentanglement, where the latent variables controlling intrinsic (properties independent of surface embedding) and extrinsic (properties dependent on surface embedding) geometry are separated [9], is an important open problem related to such interpretability. Applications include graphics, where a typical example is a disentangled latent space separating identity and pose in the case of human body generation [10, 11].