pgd attack
DAC-LoRA: Dynamic Adversarial Curriculum for Efficient and Robust Few-Shot Adaptation

arXiv.org Artificial Intelligence

Vision-Language Models (VLMs) are foundational to critical applications like autonomous driving, medical diagnosis, and content moderation. While Parameter-Efficient Fine-Tuning (PEFT) methods like LoRA enable their efficient adaptation to specialized tasks, these models remain vulnerable to adversarial attacks that can compromise safety-critical decisions. CLIP, the backbone for numerous downstream VLMs, is a high-value target whose vulnerabilities can cascade across the multimodal AI ecosystem. We propose Dynamic Adversarial Curriculum (DAC-LoRA), a novel framework that integrates adversarial training into PEFT. The core principle of our method, i.e., an intelligent curriculum of progressively challenging attacks, is general and can potentially be applied to any iterative attack method. Guided by the First-Order Stationary Condition (FOSC) and a TRADES-inspired loss, DAC-LoRA achieves substantial improvements in adversarial robustness without significantly compromising clean accuracy. Our work presents an effective, lightweight, and broadly applicable method, demonstrating that the DAC-LoRA framework can be easily integrated into a standard PEFT pipeline to significantly enhance robustness.


[Re] Improving Interpretation Faithfulness for Vision Transformers

arXiv.org Artificial Intelligence

This work aims to reproduce the results of Faithful Vision Transformers (FViTs) proposed by Hu et al. (2024) alongside interpretability methods for Vision Transformers from Chefer et al. (2021) and Xu et al. (2022). We investigate claims made by Hu et al. (2024), namely that the usage of Diffusion Denoised Smoothing (DDS) improves interpretability robustness to (1) attacks in a segmentation task and (2) perturbation and attacks in a classification task. We also extend the original study by investigating the authors' claims that adding DDS to any interpretability method can improve its robustness under attack. This is tested on baseline methods and the recently proposed Attribution Rollout method.