2019
DOI: 10.48550/arxiv.1912.03192
Preprint

Achieving Robustness in the Wild via Adversarial Mixing with Disentangled Representations

Abstract: Recent research has made the surprising finding that state-of-the-art deep learning models sometimes fail to generalize to small variations of the input. Adversarial training has been shown to be an effective approach to overcome this problem. However, its application has been limited to enforcing invariance to analytically defined transformations like ℓp-norm bounded perturbations. Such perturbations do not necessarily cover plausible real-world variations that preserve the semantics of the input (such as a c…
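
As a concrete illustration of the adversarial training the abstract refers to, here is a minimal PyTorch sketch of ℓ∞-bounded PGD adversarial training. All names and hyperparameters (model, optimizer, eps, alpha, steps) are illustrative assumptions, not the paper's code.

    # Minimal sketch of l_inf PGD adversarial training (assumed setup, not the paper's code).
    import torch
    import torch.nn.functional as F

    def pgd_attack(model, x, y, eps=8 / 255, alpha=2 / 255, steps=10):
        """Projected gradient ascent on the loss inside an l_inf ball of radius eps."""
        delta = torch.zeros_like(x).uniform_(-eps, eps).requires_grad_(True)
        for _ in range(steps):
            loss = F.cross_entropy(model(x + delta), y)
            loss.backward()
            with torch.no_grad():
                delta += alpha * delta.grad.sign()        # ascent step on the gradient sign
                delta.clamp_(-eps, eps)                   # project back into the l_inf ball
                delta.copy_((x + delta).clamp(0, 1) - x)  # keep x + delta a valid image
            delta.grad.zero_()
        return (x + delta).detach()

    def adversarial_training_step(model, optimizer, x, y):
        """One adversarial-training update: fit the model on worst-case perturbed inputs."""
        x_adv = pgd_attack(model, x, y)
        optimizer.zero_grad()
        loss = F.cross_entropy(model(x_adv), y)
        loss.backward()
        optimizer.step()
        return loss.item()

The paper's point is that such analytically defined ℓp balls miss plausible semantic variations; a sketch of the latent-space alternative it pursues follows the last citation statement below.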

Citations: cited by 8 publications (13 citation statements)
References: 41 publications
“…Improving the generalization of deep learning models has become a major research topic, with many different threads of research including Bayesian deep learning (Neal, 1996; Gal, 2016), adversarial (Engstrom et al, 2019; Jacobsen et al, 2018) and non-adversarial (Hendrycks & Dietterich, 2019; Yin et al, 2019) robustness, causality (Arjovsky et al, 2019), and other works aimed at distinguishing statistical features from semantic features (Gowal et al, 2019; Geirhos et al, 2018). While neural networks often exhibit superhuman generalization performance on the training distribution, they can be extremely sensitive to minute changes in distribution (Su et al, 2019; Engstrom et al, 2017). In this work, we consider out-of-distribution (OoD) generalization, where a model must generalize to new distributions at test time without seeing any training data from them.…”
Section: Introduction (mentioning)
confidence: 99%
“…However, the projection of test data tends to escape from this sub-manifold into a region on which the comparator function was never trained, resulting in incorrect predictions. …[44, 8], adversarially learning representations that are domain-invariant [28, 1], disentangling representations to separate functional variables with spurious correlations [19, 15], and constructing models with innate causal inference graphs to reduce dependence on spurious correlations [3, 7]. Our work aligns more with the line of work on discovering inductive biases that improve generalisation.…”
Section: Why Low Dimension? (mentioning)
confidence: 68%
“…Generative modeling and adversarial robustness. Relevant to our work is work that combines aspects of generative modeling with adversarial examples [Xiao et al, 2018a, Sharif et al, 2019, Bhattad et al, 2020], most of which either use ℓp perturbations, run user studies to define the perturbation set, or simply do not restrict the adversary at all. Gowal et al [2019] trained a StyleGAN to disentangle real-world perturbations when no perturbation information is known in advance. However, the resulting perturbation set relies on a stochastic approximation, and it is not immediately obvious what this set will ultimately capture.…”
Section: Background and Related Work (mentioning)
confidence: 99%
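
The statement above describes searching for adversarial examples in a generative model's latent space rather than in pixel space. Below is a hedged PyTorch sketch in the spirit of that approach; generator, classifier, the ℓ2 radius eps, and the step size alpha are illustrative assumptions (a trained StyleGAN-style generator is assumed, and z is a single latent code), not the authors' implementation.

    # Sketch: adversarial search over a generator's latent space (assumed setup,
    # not the paper's code). A semantics-preserving adversarial image is found by
    # perturbing the latent code z within a small l2 ball.
    import torch
    import torch.nn.functional as F

    def latent_adversary(generator, classifier, z, y, eps=0.1, alpha=0.02, steps=20):
        """Maximize the classifier's loss over latent codes in an l2 ball around z."""
        delta = torch.zeros_like(z, requires_grad=True)
        for _ in range(steps):
            x = generator(z + delta)                 # decode the perturbed latent to an image
            loss = F.cross_entropy(classifier(x), y)
            loss.backward()
            with torch.no_grad():
                grad = delta.grad
                delta += alpha * grad / (grad.norm() + 1e-12)  # normalized gradient ascent
                norm = delta.norm()
                if norm > eps:
                    delta *= eps / norm              # project back into the l2 ball
            delta.grad.zero_()
        with torch.no_grad():
            return generator(z + delta)

Because the perturbation lives in the generator's (ideally disentangled) latent space, the resulting images can vary in semantics-preserving, real-world ways such as lighting or pose that no ℓp pixel ball captures, which is the gap the paper targets.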