RobustART: Benchmarking Robustness on Architecture Design and Training Techniques

Tang, Shiyu; Gong, Ruihao; Wang, Yan; Liu, Aishan; Wang, Jiakai; Yu, Fei; Liu, Xianglong; Song, Dezhen; Yuille, Alan; Torr, Philip H. S.; Tao, Dacheng

doi:10.48550/arxiv.2109.05211

Cited by 16 publications

(22 citation statements)

References 63 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other advances include TRADE , FAT , GAIRAT (Zhang et al, 2021), (Song et al, 2020), Jiang et al (2021), Stutz et al (2020), Singla & Feizi (2020), Wu et al (2020a), and. Tang et al (2021) propose an adversarial robustness benchmark regarding architecture design and training techniques. Some works also attempt to interpret how machine learning models gain robustness (Ilyas et al, 2019;Zhang & Zhu, 2019).…”

Section: Related Workmentioning

confidence: 99%

Robust Unlearnable Examples: Protecting Data Against Adversarial Learning

Fu¹,

He²,

Liu³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

The tremendous amount of accessible data in cyberspace face the risk of being unauthorized used for training deep learning models. To address this concern, methods are proposed to make data unlearnable for deep learning models by adding a type of error-minimizing noise. However, such conferred unlearnability is found fragile to adversarial training. In this paper, we design new methods to generate robust unlearnable examples that are protected from adversarial training. We first find that the vanilla error-minimizing noise, which suppresses the informative knowledge of data via minimizing the corresponding training loss, could not effectively minimize the adversarial training loss. This explains the vulnerability of error-minimizing noise in adversarial training. Based on the observation, robust error-minimizing noise is then introduced to reduce the adversarial training loss. Experiments show that the unlearnability brought by robust errorminimizing noise can effectively protect data from adversarial training in various scenarios. The code is available at https://github.com/fshp971/ robust-unlearnable-examples.

show abstract

Section: Related Workmentioning

confidence: 99%

Robust Unlearnable Examples: Protecting Data Against Adversarial Learning

Fu¹,

He²,

Liu³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…System noises refer to the inaccuracy inherent to a system due to the inconsistent implementations of decoding and resize, such as ImageNet-S Wang et al (2021b); Tang et al (2021). The system noise adapted for the CIFAR10 dataset is created in a similar way in our framework.…”

Section: System Noisesmentioning

confidence: 99%

“…On the one hand, the robustness evaluation is not comprehensive. Current work evaluate the robustness under different adversarial attack and quantified metrics, but the robustness of the model also needs to consider the robust accuracy under other types of noises such as natural noise Hendrycks et al (2021a) and system noise Wang et al (2021a); Tang et al (2021). On the other hand, under adversarial noise, the robustness evaluation is not reliable.…”

Section: Introductionmentioning

confidence: 99%

$A^{3}D$: A Platform of Searching for Robust Neural Architectures and Efficient Adversarial Attacks

Sun¹,

Jiang²,

Li³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Another important observation is that using WRNs instead of ResNets (RNs) can bring ∼ 3%-5% more robustness [16][17][18]. Other works also suggest that adversarial training requires deeper and wider models [15,26,55]. Also, the skip-connection operation used in WRN has been found can improve robustness for deeper architectures [56].…”

Section: Understanding Adversarially Trained Dnnsmentioning

confidence: 99%

Exploring Architectural Ingredients of Adversarially Robust Deep Neural Networks

Huang

Wang

Erfani

et al. 2021

Preprint

View full text Add to dashboard Cite

Deep neural networks (DNNs) are known to be vulnerable to adversarial attacks. A range of defense methods have been proposed to train adversarially robust DNNs, among which adversarial training has demonstrated promising results. However, despite preliminary understandings developed for adversarial training, it is still not clear, from the architectural perspective, what configurations can lead to more robust DNNs. In this paper, we address this gap via a comprehensive investigation on the impact of network width and depth on the robustness of adversarially trained DNNs. Specifically, we make the following key observations: 1) more parameters (higher model capacity) does not necessarily help adversarial robustness; 2) reducing capacity at the last stage (the last group of blocks) of the network can actually improve adversarial robustness; and 3) under the same parameter budget, there exists an optimal architectural configuration for adversarial robustness. We also provide a theoretical analysis explaning why such network configuration can help robustness. These architectural insights can help design adversarially robust DNNs. Code is available at https://github.com/HanxunH/RobustWRN.

show abstract

RobustART: Benchmarking Robustness on Architecture Design and Training Techniques

Cited by 16 publications

References 63 publications

Robust Unlearnable Examples: Protecting Data Against Adversarial Learning

Robust Unlearnable Examples: Protecting Data Against Adversarial Learning

$A^{3}D$: A Platform of Searching for Robust Neural Architectures and Efficient Adversarial Attacks

Exploring Architectural Ingredients of Adversarially Robust Deep Neural Networks

Contact Info

Product

Resources

About