Modeling Biological Immunity to Adversarial Examples

Kim, Edward; Rego, Jocelyn; Watkins, Yijing; Kenyon, Garrett T.

doi:10.1109/cvpr42600.2020.00472

Cited by 18 publications

(11 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is observed in [447] that multitask learning generally results in improving adversarial robustness of the models. Kim et al [448] claim that by leveraging sparsity and other perceptual biological mechanisms, adversarial robustness of models can be improved. Wang et al [449] studied how to calibrate a trained model in-situ, in order to analyze the achievable tradeoffs between the standard and robust accuracy of the model.…”

Section: E Miscellaneous Methodsmentioning

confidence: 99%

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

2018

View full text Add to dashboard Cite

Deep learning is at the heart of the current rise of artificial intelligence. In the field of Computer Vision, it has become the workhorse for applications ranging from self-driving cars to surveillance and security. Whereas deep neural networks have demonstrated phenomenal success (often beyond human capabilities) in solving complex problems, recent studies show that they are vulnerable to adversarial attacks in the form of subtle perturbations to inputs that lead a model to predict incorrect outputs. For images, such perturbations are often too small to be perceptible, yet they completely fool the deep learning models. Adversarial attacks pose a serious threat to the success of deep learning in practice. This fact has recently lead to a large influx of contributions in this direction. This article presents the first comprehensive survey on adversarial attacks on deep learning in Computer Vision. We review the works that design adversarial attacks, analyze the existence of such attacks and propose defenses against them. To emphasize that adversarial attacks are possible in practical conditions, we separately review the contributions that evaluate adversarial attacks in the real-world scenarios. Finally, drawing on the reviewed literature, we provide a broader outlook of this research direction.

show abstract

Section: E Miscellaneous Methodsmentioning

confidence: 99%

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

2018

View full text Add to dashboard Cite

show abstract

“…Rather, placing a superficial limitation on a peripheral processing stage attenuated a difference previously attributed to more central processes. Of course, this needn't mean that all human insensitivity to adversarial attacks will be explained in this way (72), but rather that approaches like this can reveal which behavioral differences have more superficial explanations and which have deeper origins. And although Elsayed et al (70) do not use the language of performance and competence, their work perfectly embodies that insight-namely, that fair comparisons must equate constraints.…”

Section: Limit Machines Like Humansmentioning

confidence: 99%

Performance vs. competence in human–machine comparisons

Firestone

2020

Proc. Natl. Acad. Sci. U.S.A.

124

View full text Add to dashboard Cite

Does the human mind resemble the machines that can behave like it? Biologically inspired machine-learning systems approach “human-level” accuracy in an astounding variety of domains, and even predict human brain activity—raising the exciting possibility that such systems represent the world like we do. However, even seemingly intelligent machines fail in strange and “unhumanlike” ways, threatening their status as models of our minds. How can we know when human–machine behavioral differences reflect deep disparities in their underlying capacities, vs. when such failures are only superficial or peripheral? This article draws on a foundational insight from cognitive science—the distinction between performance and competence—to encourage “species-fair” comparisons between humans and machines. The performance/competence distinction urges us to consider whether the failure of a system to behave as ideally hypothesized, or the failure of one creature to behave like another, arises not because the system lacks the relevant knowledge or internal capacities (“competence”), but instead because of superficial constraints on demonstrating that knowledge (“performance”). I argue that this distinction has been neglected by research comparing human and machine behavior, and that it should be essential to any such comparison. Focusing on the domain of image classification, I identify three factors contributing to the species-fairness of human–machine comparisons, extracted from recent work that equates such constraints. Species-fair comparisons level the playing field between natural and artificial intelligence, so that we can separate more superficial differences from those that may be deep and enduring.

show abstract

“…Although we do not provide decision-based attack results, other empirical work suggests that robustness in this regime can be improved with population nonlinearities, sparsity, and recurrence. For example, robustness to decision-based attacks has been shown by imposing sparsification ( Marzi, Gopalakrishnan, Madhow, & Pedarsani, 2018 ; Alexos, Panousis, & Chatzis, 2020 ), recurrence ( Krotov & Hopfield, 2018 ; Yan et al, 2019 ), and specifically with the LCA network ( Springer, Strauss, Thresher, Kim, & Kenyon, 2018 ; Kim, Yarnall, Shah, & Kenyon, 2019 ; Kim, Rego, Watkins, & Kenyon, 2020 ). We offer a theoretical explanation for these findings.…”

Section: Discussionmentioning

confidence: 99%

Selectivity and robustness of sparse coding networks

et al. 2020

View full text Add to dashboard Cite

We investigate how the population nonlinearities resulting from lateral inhibition and thresholding in sparse coding networks influence neural response selectivity and robustness. We show that when compared to pointwise nonlinear models, such population nonlinearities improve the selectivity to a preferred stimulus and protect against adversarial perturbations of the input. These findings are predicted from the geometry of the single-neuron iso-response surface, which provides new insight into the relationship between selectivity and adversarial robustness. Inhibitory lateral connections curve the iso-response surface outward in the direction of selectivity. Since adversarial perturbations are orthogonal to the iso-response surface, adversarial attacks tend to be aligned with directions of selectivity. Consequently, the network is less easily fooled by perceptually irrelevant perturbations to the input. Together, these findings point to benefits of integrating computational principles found in biological vision systems into artificial neural networks.

show abstract

Modeling Biological Immunity to Adversarial Examples

Cited by 18 publications

References 35 publications

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

Performance vs. competence in human–machine comparisons

Selectivity and robustness of sparse coding networks

Contact Info

Product

Resources

About