Loading…
Robustness-via-Synthesis: Robust Training with Generative Adversarial Perturbations
Upon the discovery of adversarial attacks, robust models have become obligatory for deep learning-based systems. Adversarial training with first-order attacks has been one of the most effective defenses against adversarial perturbations to this day. The majority of the adversarial training approache...
Saved in:
| Published in: | arXiv.org 2021-08 |
|---|---|
| Main Authors: | , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | |
| container_end_page | |
| container_issue | |
| container_start_page | |
| container_title | arXiv.org |
| container_volume | |
| creator | Baytas, Inci M Debayan Deb |
| description | Upon the discovery of adversarial attacks, robust models have become obligatory for deep learning-based systems. Adversarial training with first-order attacks has been one of the most effective defenses against adversarial perturbations to this day. The majority of the adversarial training approaches focus on iteratively perturbing each pixel with the gradient of the loss function with respect to the input image. However, the adversarial training with gradient-based attacks lacks diversity and does not generalize well to natural images and various attacks. This study presents a robust training algorithm where the adversarial perturbations are automatically synthesized from a random vector using a generator network. The classifier is trained with cross-entropy loss regularized with the optimal transport distance between the representations of the natural and synthesized adversarial samples. Unlike prevailing generative defenses, the proposed one-step attack generation framework synthesizes diverse perturbations without utilizing gradient of the classifier's loss. Experimental results show that the proposed approach attains comparable robustness with various gradient-based and generative robust training techniques on CIFAR10, CIFAR100, and SVHN datasets. In addition, compared to the baselines, the proposed robust training framework generalizes well to the natural samples. Code and trained models will be made publicly available. |
| format | article |
| fullrecord | <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2563970921</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2563970921</sourcerecordid><originalsourceid>FETCH-proquest_journals_25639709213</originalsourceid><addsrcrecordid>eNqNyk8LgjAYgPERBEn5HQadB3NLzW4R_TlGepdJbzmRrfZuRt8-oT5Ap-fweyYkElImbL0SYkZixI5zLrJcpKmMSHmxTUBvAJENWrHybXwLqHFDv0Irp7TR5k5f2rf0CAac8noAur0O4FA5rXp6BueDa0awBhdkelM9QvzrnCwP-2p3Yg9nnwHQ150NzoxUizSTRc4Lkcj_rg-9jUEn</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2563970921</pqid></control><display><type>article</type><title>Robustness-via-Synthesis: Robust Training with Generative Adversarial Perturbations</title><source>Publicly Available Content Database</source><creator>Baytas, Inci M ; Debayan Deb</creator><creatorcontrib>Baytas, Inci M ; Debayan Deb</creatorcontrib><description>Upon the discovery of adversarial attacks, robust models have become obligatory for deep learning-based systems. Adversarial training with first-order attacks has been one of the most effective defenses against adversarial perturbations to this day. The majority of the adversarial training approaches focus on iteratively perturbing each pixel with the gradient of the loss function with respect to the input image. However, the adversarial training with gradient-based attacks lacks diversity and does not generalize well to natural images and various attacks. This study presents a robust training algorithm where the adversarial perturbations are automatically synthesized from a random vector using a generator network. The classifier is trained with cross-entropy loss regularized with the optimal transport distance between the representations of the natural and synthesized adversarial samples. Unlike prevailing generative defenses, the proposed one-step attack generation framework synthesizes diverse perturbations without utilizing gradient of the classifier's loss. Experimental results show that the proposed approach attains comparable robustness with various gradient-based and generative robust training techniques on CIFAR10, CIFAR100, and SVHN datasets. In addition, compared to the baselines, the proposed robust training framework generalizes well to the natural samples. Code and trained models will be made publicly available.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Algorithms ; Classifiers ; Entropy (Information theory) ; Machine learning ; Perturbation ; Robustness ; Synthesis</subject><ispartof>arXiv.org, 2021-08</ispartof><rights>2021. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/2563970921?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>780,784,25753,37012,44590</link.rule.ids></links><search><creatorcontrib>Baytas, Inci M</creatorcontrib><creatorcontrib>Debayan Deb</creatorcontrib><title>Robustness-via-Synthesis: Robust Training with Generative Adversarial Perturbations</title><title>arXiv.org</title><description>Upon the discovery of adversarial attacks, robust models have become obligatory for deep learning-based systems. Adversarial training with first-order attacks has been one of the most effective defenses against adversarial perturbations to this day. The majority of the adversarial training approaches focus on iteratively perturbing each pixel with the gradient of the loss function with respect to the input image. However, the adversarial training with gradient-based attacks lacks diversity and does not generalize well to natural images and various attacks. This study presents a robust training algorithm where the adversarial perturbations are automatically synthesized from a random vector using a generator network. The classifier is trained with cross-entropy loss regularized with the optimal transport distance between the representations of the natural and synthesized adversarial samples. Unlike prevailing generative defenses, the proposed one-step attack generation framework synthesizes diverse perturbations without utilizing gradient of the classifier's loss. Experimental results show that the proposed approach attains comparable robustness with various gradient-based and generative robust training techniques on CIFAR10, CIFAR100, and SVHN datasets. In addition, compared to the baselines, the proposed robust training framework generalizes well to the natural samples. Code and trained models will be made publicly available.</description><subject>Algorithms</subject><subject>Classifiers</subject><subject>Entropy (Information theory)</subject><subject>Machine learning</subject><subject>Perturbation</subject><subject>Robustness</subject><subject>Synthesis</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><recordid>eNqNyk8LgjAYgPERBEn5HQadB3NLzW4R_TlGepdJbzmRrfZuRt8-oT5Ap-fweyYkElImbL0SYkZixI5zLrJcpKmMSHmxTUBvAJENWrHybXwLqHFDv0Irp7TR5k5f2rf0CAac8noAur0O4FA5rXp6BueDa0awBhdkelM9QvzrnCwP-2p3Yg9nnwHQ150NzoxUizSTRc4Lkcj_rg-9jUEn</recordid><startdate>20210822</startdate><enddate>20210822</enddate><creator>Baytas, Inci M</creator><creator>Debayan Deb</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20210822</creationdate><title>Robustness-via-Synthesis: Robust Training with Generative Adversarial Perturbations</title><author>Baytas, Inci M ; Debayan Deb</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_25639709213</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Algorithms</topic><topic>Classifiers</topic><topic>Entropy (Information theory)</topic><topic>Machine learning</topic><topic>Perturbation</topic><topic>Robustness</topic><topic>Synthesis</topic><toplevel>online_resources</toplevel><creatorcontrib>Baytas, Inci M</creatorcontrib><creatorcontrib>Debayan Deb</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Baytas, Inci M</au><au>Debayan Deb</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Robustness-via-Synthesis: Robust Training with Generative Adversarial Perturbations</atitle><jtitle>arXiv.org</jtitle><date>2021-08-22</date><risdate>2021</risdate><eissn>2331-8422</eissn><abstract>Upon the discovery of adversarial attacks, robust models have become obligatory for deep learning-based systems. Adversarial training with first-order attacks has been one of the most effective defenses against adversarial perturbations to this day. The majority of the adversarial training approaches focus on iteratively perturbing each pixel with the gradient of the loss function with respect to the input image. However, the adversarial training with gradient-based attacks lacks diversity and does not generalize well to natural images and various attacks. This study presents a robust training algorithm where the adversarial perturbations are automatically synthesized from a random vector using a generator network. The classifier is trained with cross-entropy loss regularized with the optimal transport distance between the representations of the natural and synthesized adversarial samples. Unlike prevailing generative defenses, the proposed one-step attack generation framework synthesizes diverse perturbations without utilizing gradient of the classifier's loss. Experimental results show that the proposed approach attains comparable robustness with various gradient-based and generative robust training techniques on CIFAR10, CIFAR100, and SVHN datasets. In addition, compared to the baselines, the proposed robust training framework generalizes well to the natural samples. Code and trained models will be made publicly available.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | EISSN: 2331-8422 |
| ispartof | arXiv.org, 2021-08 |
| issn | 2331-8422 |
| language | eng |
| recordid | cdi_proquest_journals_2563970921 |
| source | Publicly Available Content Database |
| subjects | Algorithms Classifiers Entropy (Information theory) Machine learning Perturbation Robustness Synthesis |
| title | Robustness-via-Synthesis: Robust Training with Generative Adversarial Perturbations |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T08%3A35%3A22IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Robustness-via-Synthesis:%20Robust%20Training%20with%20Generative%20Adversarial%20Perturbations&rft.jtitle=arXiv.org&rft.au=Baytas,%20Inci%20M&rft.date=2021-08-22&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2563970921%3C/proquest%3E%3Cgrp_id%3Ecdi_FETCH-proquest_journals_25639709213%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2563970921&rft_id=info:pmid/&rfr_iscdi=true |