Metric Learning for Adversarial Robustness

September 03, 2019 · Entered Twilight · Neural Information Processing Systems

TWILIGHT: Old Age
Predates the code-sharing era, a pioneer of its time

"Last commit was 5.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: README.md, config_cifar.json, config_imagenet.json, config_mnist.json, dataloader, eval.py, learning, pgd_attack.py, pgd_attack_GPU.py, poster.pdf, requirements.txt, tSNE.py, tfboard.png, train_at_madry.py, train_natural.py, train_update_fast_triplet.py, utils.py, utils_folder

Authors: Chengzhi Mao, Ziyuan Zhong, Junfeng Yang, Carl Vondrick, Baishakhi Ray
arXiv ID: 1909.00900
Category: cs.LG: Machine Learning
Cross-listed: cs.CR, cs.CV, cs.IR, stat.ML
Citations: 202
Venue: Neural Information Processing Systems
Repository: https://github.com/columbia/Metric_Learning_Adversarial_Robustness (48 stars)
Last Checked: 2 months ago
Abstract
Deep networks are well-known to be fragile to adversarial attacks. We conduct an empirical analysis of deep representations under the state-of-the-art attack method called PGD, and find that the attack causes the internal representation to shift closer to the "false" class. Motivated by this observation, we propose to regularize the representation space under attack with metric learning to produce more robust classifiers. By carefully sampling examples for metric learning, our learned representation not only increases robustness, but also detects previously unseen adversarial samples. Quantitative experiments show improvement of robustness accuracy by up to 4% and detection efficiency by up to 6% according to Area Under Curve score over prior work. The code of our work is available at https://github.com/columbia/Metric_Learning_Adversarial_Robustness.