Search Results for author:
Found 10 papers, 2 papers with code
Robustness and Equivariance of Neural Networks
Neural networks models are known to be vulnerable to geometric transformations as well as small pixel-wise perturbations of input.
How do SGD hyperparameters in natural training affect adversarial robustness?
We observe that networks trained with constant learning rate to batch size ratio, as proposed in Jastrzebski et al., yield models which generalize well and also have almost constant adversarial robustness, independent of the batch size.
On Universalized Adversarial and Invariant Perturbations
Recent work by authors arXiv:2002. 11318 studies a trade-off between invariance and robustness to adversarial attacks.
Universalization of any adversarial attack using very few test examples
For VGG16 and VGG19 models trained on ImageNet, our simple universalization of Gradient, FGSM, and DeepFool perturbations using a test sample of 64 images gives fooling rates comparable to state-of-the-art universal attacks \cite{Dezfooli17, Khrulkov18} for reasonable norms of perturbation.
Can we have it all? On the Trade-off between Spatial and Adversarial Robustness of Neural Networks
(Non-)robustness of neural networks to small, adversarial pixel-wise perturbations, and as more recently shown, to even random spatial transformations (e. g., translations, rotations) entreats both theoretical and empirical understanding.
Invariance vs Robustness of Neural Networks
We observe that the rotation invariance of equivariant models (StdCNNs and GCNNs) improves by training augmentation with progressively larger rotations but while doing so, their adversarial robustness does not improve, or worse, it can even drop significantly on datasets such as MNIST.
Universal Adversarial Attack Using Very Few Test Examples
We evaluate the error rates and fooling rates of three universal attacks, SVD-Gradient, SVD-DeepFool and SVD-FGSM, on state of the art neural networks.
Better Generalization with Adaptive Adversarial Training
An effective method to obtain an adversarial robust network is to train the network with adversarially perturbed samples.
On Adversarial Robustness of Small vs Large Batch Training
Large-batch training is known to incur poor generalization by Jastrzebski et al. (2017) as well as poor adversarial robustness by Yao et al. (2018b).
Universal Attacks on Equivariant Networks
In this paper, we observe an interesting spectral property shared by all of the above input-dependent, pixel-wise adversarial attacks on translation and rotation-equivariant networks.
