Defense through diverse directions
| Title | Defense through diverse directions |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Bender, Christopher M., Li, Yang, Shi, Yifeng, Reiter, Michael K., Oliva, Junier B. |
| Conference Name | Proceedings of the 37th International Conference on Machine Learning |
| Date Published | 07/2020 |
| Conference Location | Virtual |
| Keywords | 2020: October, CMU, Securing Safety-Critical Machine Learning Algorithms |
| Abstract | In this work we develop a novel Bayesian neural network methodology to achieve strong adversarial robustness without the need for online adversarial training. Unlike previous efforts in this direction, we do not rely solely on the stochasticity of network weights by minimizing the divergence between the learned parameter distribution and a prior. Instead, we additionally require that the model maintain some expected uncertainty with respect to all input covariates. We demonstrate that by encouraging the network to distribute evenly across inputs, the network becomes less susceptible to localized, brittle features which imparts a natural robustness to targeted perturbations. We show empirical robustness on several benchmark datasets. |
| Citation Key | node-74178 |
| Attachment | Size |
|---|---|
| bytes |
Groups: