adversarial robustness
Statistical Guarantees for Distributionally Robust Optimization with Optimal Transport and OT-Regularized Divergences
Birrell, Jeremiah, Shen, Xiaoxi
We study finite-sample statistical performance guarantees for distributionally robust optimization (DRO) with optimal transport (OT) and OT-regularized divergence model neighborhoods. Specifically, we derive concentration inequalities for supervised learning via DRO-based adversarial training, as commonly employed to enhance the adversarial robustness of machine learning models. Our results apply to a wide range of OT cost functions, beyond the $p$-Wasserstein case studied by previous authors. In particular, our results are the first to: 1) cover soft-constraint norm-ball OT cost functions; soft-constraint costs have been shown empirically to enhance robustness when used in adversarial training, 2) apply to the combination of adversarial sample generation and adversarial reweighting that is induced by using OT-regularized $f$-divergence model neighborhoods; the added reweighting mechanism has also been shown empirically to further improve performance. In addition, even in the $p$-Wasserstein case, our bounds exhibit better behavior as a function of the DRO neighborhood size than previous results when applied to the adversarial setting.
- North America > United States > Texas (0.04)
- Europe > United Kingdom > England > Cambridgeshire > Cambridge (0.04)
- Asia > Middle East > Jordan (0.04)
Explicit Tradeoffs between Adversarial and Natural Distributional Robustness
Results averaged over ResNet18 and ResNet50.
- North America > United States > Maryland (0.04)
- North America > United States > California (0.04)
- North America > Canada > British Columbia > Vancouver (0.04)
- Asia > Middle East > Jordan (0.04)
- North America > United States (0.14)
- Asia (0.04)
- Information Technology > Security & Privacy (0.47)
- Government (0.47)
DAT: Improving Adversarial Robustness via Generative Amplitude Mix-up in Frequency Domain Fengpeng Li1 Kemou Li1 Haiwei Wu
Recent studies show that adversarial attacks disproportionately impact the patterns within the phase of the sample's frequency spectrum--typically containing
- North America > United States > California > Los Angeles County > Long Beach (0.14)
- North America > United States > Louisiana > Orleans Parish > New Orleans (0.04)
- Asia > Macao (0.04)
- (25 more...)
- Information Technology > Security & Privacy (0.36)
- Government > Military (0.36)
- Information Technology > Artificial Intelligence > Natural Language (1.00)
- Information Technology > Artificial Intelligence > Machine Learning > Neural Networks > Deep Learning (0.93)
- Information Technology > Artificial Intelligence > Representation & Reasoning (0.92)
- Information Technology > Data Science (0.68)
CausalDiff: Causality-Inspired Disentanglement via Diffusion Model for Adversarial Defense
CAS stands for Chinese Academy of Sciences 38th Conference on Neural Information Processing Systems (NeurIPS 2024).
- Asia > Middle East > Jordan (0.04)
- Asia > China (0.04)
- Asia > Singapore (0.04)
- Europe > Slovenia > Drava > Municipality of Benedikt > Benedikt (0.04)
- Europe > Netherlands > North Brabant > Eindhoven (0.04)
- Research Report > Experimental Study (1.00)
- Research Report > New Finding (0.92)
- Information Technology > Security & Privacy (1.00)
- Government > Military (0.68)
Improving Robustness with Adaptive Weight Decay
Deep Neural Networks (DNNs) have exceeded human capability on many computer vision tasks.
- Asia > Middle East > Jordan (0.04)
- North America > United States > California > Santa Clara County > Cupertino (0.04)
Characterization of Overfitting in Robust Multiclass Classification
Nonetheless, modern machine learning is adaptive in its nature. Prior information about a model's performance on the test set inevitably influences