
Related papers: Removing Batch Normalization Boosts Adversarial Tr…

200 papers

Deep networks are vulnerable to adversarial examples. Adversarial Training (AT) has been a standard foundation of modern adversarial defense approaches due to its remarkable effectiveness. However, AT is extremely time-consuming, refraining…

Machine Learning · Computer Science 2024-05-28 Shao-Yuan Lo, Vishal M. Patel

Adversarial training (AT) has proven to be one of the most effective ways to defend Deep Neural Networks (DNNs) against adversarial attacks. However, the phenomenon of robust overfitting, i.e., the robustness will drop sharply at a certain…

Machine Learning · Computer Science 2022-05-25 Shudong Zhang, Haichang Gao, Tianwei Zhang, Yunyi Zhou, Zihui Wu

Deep Neural Networks (DNN) have been shown to be vulnerable to adversarial examples. Adversarial training (AT) is a popular and effective strategy to defend against adversarial attacks. Recent works (Benz et al., 2020; Xu et al., 2021; Tian…

Machine Learning · Computer Science 2023-02-09 Boqi Li, Weiwei Liu

Batch normalization (BN) has been widely used in modern deep neural networks (DNNs) due to improved convergence. BN is observed to increase the model accuracy while at the cost of adversarial robustness. There is an increasing interest in…

Machine Learning · Computer Science 2021-10-08 Philipp Benz, Chaoning Zhang, In So Kweon

Adversarial training is one of the main defenses against adversarial attacks. In this paper, we provide the first rigorous study on diagnosing elements of adversarial training, which reveals two intriguing properties. First, we study the…

Computer Vision and Pattern Recognition · Computer Science 2019-12-24 Cihang Xie, Alan Yuille

Batch Normalization (BatchNorm) is effective for improving the performance and accelerating the training of deep neural networks. However, it has also been shown to be a cause of adversarial vulnerability, i.e., networks without it are more…

Machine Learning · Computer Science 2020-06-22 Muhammad Awais, Fahad Shamshad, Sung-Ho Bae

Modern deep learning architectures utilize batch normalization (BN) to stabilize training and improve accuracy. It has been shown that the BN layers alone are surprisingly expressive. In the context of robustness against adversarial…

Machine Learning · Computer Science 2022-04-27 Nils Philipp Walter, David Stutz, Bernt Schiele

Adversarial training (AT) is currently one of the most successful methods to obtain the adversarial robustness of deep neural networks. However, the phenomenon of robust overfitting, i.e., the robustness starts to decrease significantly…

Machine Learning · Computer Science 2021-12-23 Jihoon Tack, Sihyun Yu, Jongheon Jeong, Minseon Kim, Sung Ju Hwang, Jinwoo Shin

There is a growing concern about applying batch normalization (BN) in adversarial training (AT), especially when the model is trained on both adversarial samples and clean samples (termed Hybrid-AT). With the assumption that adversarial and…

Machine Learning · Computer Science 2024-03-29 Chenshuang Zhang, Chaoning Zhang, Kang Zhang, Axi Niu, Junmo Kim, In So Kweon

Deep neural networks are incredibly vulnerable to crafted, human-imperceptible adversarial perturbations. Although adversarial training (AT) has proven to be an effective defense approach, we find that the AT-trained models heavily rely on…

Computer Vision and Pattern Recognition · Computer Science 2022-12-27 Binxiao Huang, Chaofan Tao, Rui Lin, Ngai Wong

Deep neural networks are vulnerable to adversarial noise. Adversarial Training (AT) has been demonstrated to be the most effective defense strategy to protect neural networks from being fooled. However, we find AT omits to learning robust…

Computer Vision and Pattern Recognition · Computer Science 2023-11-21 Nuoyan Zhou, Nannan Wang, Decheng Liu, Dawei Zhou, Xinbo Gao

Adversarial training (AT) aims to improve the robustness of deep learning models by mixing clean data and adversarial examples (AEs). Most existing AT approaches can be grouped into restricted and unrestricted approaches. Restricted AT…

Machine Learning · Computer Science 2020-04-14 Haidong Xie, Xueshuang Xiang, Naijin Liu, Bin Dong

Batch normalization (BN) is a ubiquitous technique for training deep neural networks that accelerates their convergence to reach higher accuracy. However, we demonstrate that BN comes with a fundamental drawback: it incentivizes the model…

Machine Learning · Computer Science 2022-07-05 Saeid Asgari Taghanaki, Ali Gholami, Fereshte Khani, Kristy Choi, Linh Tran, Ran Zhang, Aliasghar Khani

Adversarial Training (AT) is proposed to alleviate the adversarial vulnerability of machine learning models by extracting only robust features from the input, which, however, inevitably leads to severe accuracy reduction as it discards the…

Machine Learning · Statistics 2020-07-06 Yifei Wang, Dan Peng, Furui Liu, Zhenguo Li, Zhitang Chen, Jiansheng Yang

Despite the success of convolutional neural networks (CNNs) in many academic benchmarks for computer vision tasks, their application in the real world is still facing fundamental challenges. One of these open problems is the inherent lack…

Computer Vision and Pattern Recognition · Computer Science 2022-12-07 Julia Grabinski, Paul Gavrikov, Janis Keuper, Margret Keuper

This paper addresses the tradeoff between standard accuracy on clean examples and robustness against adversarial examples in deep neural networks (DNNs). Although adversarial training (AT) improves robustness, it degrades the standard…

Computer Vision and Pattern Recognition · Computer Science 2023-09-01 Satoshi Suzuki, Shin'ya Yamaguchi, Shoichiro Takeda, Sekitoshi Kanai, Naoki Makishima, Atsushi Ando, Ryo Masumura

Batch normalization (BN) is a key facilitator and considered essential for state-of-the-art binary neural networks (BNN). However, the BN layer is costly to calculate and is typically implemented with non-binary parameters, leaving a hurdle…

Machine Learning · Computer Science 2021-04-19 Tianlong Chen, Zhenyu Zhang, Xu Ouyang, Zechun Liu, Zhiqiang Shen, Zhangyang Wang

Deep neural networks are susceptible to adversarial examples, posing a significant security risk in critical applications. Adversarial Training (AT) is a well-established technique to enhance adversarial robustness, but it often comes at…

Machine Learning · Computer Science 2023-08-08 Kaijie Zhu, Jindong Wang, Xixu Hu, Xing Xie, Ge Yang

Adversarial training (AT) methods are effective against adversarial attacks, yet they introduce severe disparity of accuracy and robustness between different classes, known as the robust fairness problem. Previously proposed Fair Robust…

Machine Learning · Computer Science 2022-09-19 Chunyu Sun, Chenye Xu, Chengyuan Yao, Siyuan Liang, Yichao Wu, Ding Liang, XiangLong Liu, Aishan Liu

We present a new algorithm to train a robust neural network against adversarial attacks. Our algorithm is motivated by the following two ideas. First, although recent work has demonstrated that fusing randomness can improve the robustness…

Machine Learning · Computer Science 2019-05-07 Xuanqing Liu, Yao Li, Chongruo Wu, Cho-Jui Hsieh