Towards Robust Detection of Adversarial Examples

Pang, Tianyu; Du, Chao; Dong, Yinpeng; Zhu, Jun

doi:10.48550/arxiv.1706.00633

Cited by 27 publications

(7 citation statements)

References 22 publications

(48 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Label smoothing. Label smoothing improves the generalization [38,32] and robustness [31,19,35] of a deep neural network. Label smoothing replaces one-hot labels with smoothed labels.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Adaptive Label Smoothing To Regularize Large-Scale Graph Training

Zhou,

Liu,

Yang

et al. 2021

Preprint

View full text Add to dashboard Cite

Graph neural networks (GNNs), which learn the node representations by recursively aggregating information from its neighbors, have become a predominant computational tool in many domains. To handle large-scale graphs, most of the existing methods partition the input graph into multiple sub-graphs (e.g., through node clustering) and apply batch training to save memory cost. However, such batch training will lead to label bias within each batch, and then result in over-confidence in model predictions. Since the connected nodes with positively related labels tend to be assigned together, the traditional cross-entropy minimization process will attend on the predictions of biased classes in the batch, and may intensify the overfitting issue. To overcome the label bias problem, we propose the adaptive label smoothing (ALS) method to replace the one-hot hard labels with smoothed ones, which learns to allocate label confidences from the biased classes to the others. Specifically, ALS propagates node labels to aggregate the neighborhood label distribution in a pre-processing step, and then updates the optimal smoothed labels online to adapt to specific graph structure. Experiments on the real-world datasets demonstrate that ALS can be generally applied to the main scalable learning frameworks to calibrate the biased labels and improve generalization performances.Recently, several scalable algorithms of GNNs have been proposed to handle the large-scale graphs, among which sub-graph sampling methods are dominant in literature [20,6,7,10,52]. Specifically, instead of training on the full graph, the sampling methods sample subsets of nodes and edges to Preprint. Under review.

show abstract

“…Label smoothing. Label smoothing improves the generalization [38,32] and robustness [31,19,35] of a deep neural network. Label smoothing replaces one-hot labels with smoothed labels.…”

Section: Methodsmentioning

confidence: 99%

“…It has been shown that label smoothing has similar effect as randomly replacing some of the ground-truth labels with incorrect values at each mini-batch [46]. [31] proposes reverse cross entropy for gradient smoothing. It encourages a model to better distinguish adversarial examples from normal ones in representation space.…”

Section: Methodsmentioning

confidence: 99%

Adaptive Label Smoothing To Regularize Large-Scale Graph Training

Zhou,

Liu,

Yang

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…In particular, given an input x, this metric computes an estimation of the uncertainty of a deep Gaussian process [5], using the outputs of multiple DNNs with the same architecture that are trained in the same training set but using the dropout Using this metric we expect a higher uncertainty estimation when the input x is an adversarial input. Also a training procedure that can enhance the detection results when we use the kernel density estimation as a metric is proposed in [14]. This training procedure adds a regularization term called reverse cross-entropy.…”

Section: Detecting Adversarial Examplesmentioning

confidence: 99%

Detecting Adversarial Examples in Convolutional Neural Networks

Pertigkiozoglou,

Maragos

2018

Preprint

View full text Add to dashboard Cite

The great success of convolutional neural networks has caused a massive spread of the use of such models in a large variety of Computer Vision applications. However, these models are vulnerable to certain inputs, the adversarial examples, which although are not easily perceived by humans, they can lead a neural network to produce faulty results. This paper focuses on the detection of adversarial examples, which are created for convolutional neural networks that perform image classification. We propose three methods for detecting possible adversarial examples and after we analyze and compare their performance, we combine their best aspects to develop an even more robust approach.The first proposed method is based on the regularization of the feature vector that the neural network produces as output. The second method detects adversarial examples by using histograms, which are created from the outputs of the hidden layers of the neural network. These histograms create a feature vector which is used as the input of an SVM classifier, which classifies the original input either as an adversarial or as a real input. Finally, for the third method we introduce the concept of the residual image, which contains information about the parts of the input pattern that are ignored by the neural network. This method aims at the detection of possible adversarial examples, by using the residual image and reinforcing the parts of the input pattern that are ignored by the neural network. Each one of these methods has some novelties and by combining them we can further improve the detection results. For the proposed methods and their combination, we present the results of detecting adversarial examples on the MNIST dataset. The combination of the proposed methods offers some improvements over similar state of the art approaches.

show abstract

“…It Analysis process. To start the analysis, we calculated an adversarial score for each image [39]. A high score means the image is most probably to be an adversarial example.…”

Section: Analyzing White-box Adversarial Examplesmentioning

confidence: 99%

Analyzing the Noise Robustness of Deep Neural Networks

Liu¹,

Liu²,

Su³

et al. 2018

Preprint

Self Cite

View full text Add to dashboard Cite

Towards Robust Detection of Adversarial Examples

Cited by 27 publications

References 22 publications

Adaptive Label Smoothing To Regularize Large-Scale Graph Training

Adaptive Label Smoothing To Regularize Large-Scale Graph Training

Detecting Adversarial Examples in Convolutional Neural Networks

Analyzing the Noise Robustness of Deep Neural Networks

Contact Info

Product

Resources

About