Impact of Spatial Frequency Based Constraints on Adversarial Robustness

Bernhard, Rémi; Moëllic, Pierre-Alain; Mermillod, Martial; Bourrier, Yannick; Cohendet, Romain; Solinas, Miguel; Reyboz, Marina

doi:10.1109/ijcnn52387.2021.9534307

Cited by 9 publications

(3 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…adversarial training, gaussian noise augmentation) exhibit di erent sensitivities to perturbations along Fourier frequency components. [Ber+21] investigated the extent to which constraining models to use only the lowest (or highest) Fourier frequency components of input data provided perturbation robustness, also nding signi cant variability accross datasets. [AHW21] tested the extent to which CNNs relied on various frequency bands by measuring model error on inputs where certain frequencies were removed, again nding a striking amount of variability accross datasets.…”

Section: Related Workmentioning

confidence: 99%

“…On the other hand, more recent research has revealed a number of less desirable and potentially data-dependent biases of CNNs, such as a tendency to make predictions on the basis of texture features [Gei+19]. Moreover, it has been repeatedly observed that CNNs are sensitive to perturbations in targeted ranges of the Fourier frequency spectrum [GFW19; SDB19] and further investigation has shown that these frequency ranges are dependent on training data [AHW21;Ber+21;Mai+22;Yin+19]. In this work, we provide a mathematical explanation for these frequency space phenomena, showing with theory and experiments that neural network training causes CNNs to be most sensitive to frequencies that are prevalent in the training data distribution.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Convolutional networks inherit frequency sensitivity from image statistics

Godfrey¹,

Bishoff²,

McKay³

et al. 2022

Preprint

View full text Add to dashboard Cite

It is widely acknowledged that trained convolutional neural networks (CNNs) have di erent levels of sensitivity to signals of di erent frequency. In particular, a number of empirical studies have documented CNNs sensitivity to low-frequency signals. In this work we show with theory and experiments that this observed sensitivity is a consequence of the frequency distribution of natural images, which is known to have most of its power concentrated in low-to-mid frequencies. Our theoretical analysis relies on representations of the layers of a CNN in frequency space, an idea that has previously been used to accelerate computations and study implicit bias of network training algorithms, but to the best of our knowledge has not been applied in the domain of model robustness.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Convolutional networks inherit frequency sensitivity from image statistics

Godfrey¹,

Bishoff²,

McKay³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Thus, adversarial examples can attack such models by slightly altering the image in these frequency bands. While this may vary by dataset [34][35][36], at least some high-frequency is always present as e.g. adversarial attacks can be detected in the frequency spectrum [37].…”

Section: A Frequency Perspective On Adversarial Training and Out-of D...mentioning

confidence: 99%

Adversarial Robustness through the Lens of Convolutional Filters

Gavrikov

Keuper

2022

2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)

View full text Add to dashboard Cite

Neural networks have a number of shortcomings. Amongst the severest ones is the sensitivity to distribution shifts which allows models to be easily fooled into wrong predictions by small perturbations to inputs that are often imperceivable to humans and do not have to carry semantic meaning. Adversarial training poses a partial solution to address this issue by training models on worst-case perturbations. Yet, recent work has also pointed out that the reasoning in neural networks is different from humans. Humans identify objects by shape, while neural nets mainly employ texture cues. Exemplarily, a model trained on photographs will likely fail to generalize to datasets containing sketches. Interestingly, it was also shown that adversarial training seems to favorably increase the shift toward shape bias. In this work, we revisit this observation and provide an extensive analysis of this effect on various architectures, the common 2 -and ∞ -training, and Transformer-based models. Further, we provide a possible explanation for this phenomenon from a frequency perspective.

show abstract

Adversarial Perturbations Straight on JPEG Coefficients

Sielmann,

Stelldinger

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Impact of Spatial Frequency Based Constraints on Adversarial Robustness

Cited by 9 publications

References 20 publications

Convolutional networks inherit frequency sensitivity from image statistics

Convolutional networks inherit frequency sensitivity from image statistics

Adversarial Robustness through the Lens of Convolutional Filters

Adversarial Perturbations Straight on JPEG Coefficients

Contact Info

Product

Resources

About