Adversarial Training is a Form of Data-dependent Operator Norm Regularization

06/12/2020

Adversarial Training is a Form of Data-dependent Operator Norm Regularization

Kevin Roth, Yannic Kilcher, Thomas Hofmann

Keywords:

Abstract Paper Similar Papers

Abstract: We establish a theoretical link between adversarial training and operator norm regularization for deep neural networks. Specifically, we prove that $l_p$-norm constrained projected gradient ascent based adversarial training with an $l_q$-norm loss on the logits of clean and perturbed inputs is equivalent to data-dependent (p, q) operator norm regularization. This fundamental connection confirms the long-standing argument that a network’s sensitivity to adversarial examples is tied to its spectral properties and hints at novel ways to robustify and defend against adversarial attacks. We provide extensive empirical evidence on state-of-the-art network architectures to support our theoretical results.

0

0

0

0

Share

This is an embedded video. Talk and the respective paper are published at NeurIPS 2020 virtual conference. If you are one of the authors of the paper and want to manage your upload, see the question "My papertalk has been externally embedded..." in the FAQ section.

Comments

Post Comment

no comments yet

Similar Papers

13/04/2021

Bayesian inference with certifiable adversarial robustness

Matthew Wicker, Luca Laurenti, Andrea Patane and
Zhuotong Chen, Zheng Zhang, Marta Kwiatkowska

Keywords Paper

0

0

0

0

3:06

07/09/2020

Feature Binding with Category-Dependant MixUp for Semantic Segmentation and Adversarial Robustness

Md Amirul Islam, Matthew Kowal, Konstantinos Derpanis, Neil D. B. Bruce

Keywords Paper

Image Blending, Mixup, Feature Binding, Semantic Segmentation, Adversarial Robustness

0

0

0

0

9:00

06/12/2020

Robust Quantization: One Model to Rule Them All

Moran Shkolnik, Brian Chmiel, Ron Banner and
Gil Shomron, Yury Nahshan, Alex Bronstein, Uri Weiser

Keywords Paper

0

0

0

0

3:13

18/07/2021

Robust Learning for Data Poisoning Attacks

Yunjuan Wang, Poorya Mianjy, Raman Arora

Keywords Paper

Deep Learning, Generative Models, Algorithms, Unsupervised Learning; Deep Learning, Adversarial Networks, Algorithms, Adversarial Examples

0

0

0

0

5:20

26/04/2020

GAT: Generative Adversarial Training for Adversarial Example Detection and Classification

Xuwang Yin, Soheil Kolouri, Gustavo K Rohde

Keywords Paper

adversarial example detection, adversarial examples classification, robust optimization, ML security, generative modeling, generative classification

0

0

0

0

5:14

06/12/2021

Domain Adaptation with Invariant Representation Learning: What Transformations to Learn?

Petar Stojanov, Zijian Li, Mingming Gong and
Ruichu Cai, Jaime Carbonell, Kun Zhang

Keywords Paper

deep learning, machine learning, adversarial robustness and security, domain adaptation, representation learning, transfer learning

0

0

0

0

15:02

26/04/2020

Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness

Pu Zhao, Pin-Yu Chen, Payel Das and
Karthikeyan Natesan Ramamurthy, Xue Lin

Keywords Paper

mode connectivity, adversarial robustness, backdoor attack, error-injection attack, evasion attacks, loss landscapes

0

0

0

0

4:30

02/02/2021

Adversarial Training and Provable Robustness: A Tale of Two Objectives

Jiameng Fan, Wenchao Li

Keywords Paper

0

0

0

0

16:37

14/06/2020

Dataless Model Selection With the Deep Frame Potential

Calvin Murdock, Simon Lucey

Keywords Paper

deep learning, sparse approximation theory, deep network architectures, model selection, sparsity, mutual coherence

0

0

0

1

5:00

06/12/2021

A Near-Optimal Algorithm for Debiasing Trained Machine Learning Models

Ibrahim Alabdulmohsin, Mario Lucic

Keywords Paper

deep learning, machine learning, fairness

0

0

0

0

9:48

13/04/2021

Approximating lipschitz continuous functions with GroupSort neural networks

Ugo Tanielian, Gerard Biau

Keywords Paper

0

0

0

0

3:02

06/12/2020

Learning Optimal Representations with the Decodable Information Bottleneck

Yann Dubois, Douwe Kiela, David Schwab, Ramakrishna Vedantam

Keywords Paper

0

0

0

0

3:13

06/12/2021

Implicit Bias of SGD for Diagonal Linear Networks: a Provable Benefit of Stochasticity

Scott Pesme, Loucas Pillaud-Vivien, Nicolas Flammarion

Keywords Paper

deep learning, optimization

0

0

0

0

4:30

12/07/2020

Adversarial Robustness via Runtime Masking and Cleansing

Yi-Hsuan Wu, Chia-Hung Yuan, Shan-Hung (Brandon) Wu

Keywords Paper

Adversarial Examples

0

0

0

0

13:38

26/04/2020

Gradients as Features for Deep Representation Learning

Fangzhou Mu, Yingyu Liang, Yin Li

Keywords Paper

representation learning, gradient features, deep learning

0

0

0

0

5:07

06/12/2021

Analytic Insights into Structure and Rank of Neural Network Hessian Maps

Sidak Pal Singh, Gregor Bachmann, Thomas Hofmann

Keywords Paper

deep learning, optimization, generative model

0

0

0

0

15:08

14/06/2020

DNU: Deep Non-Local Unrolling for Computational Spectral Imaging

Lizhi Wang, Chen Sun, Maoqing Zhang and
Ying Fu, Hua Huang

Keywords Paper

computational spectral imaging, spectral image reconstruction, deep unrolling, non-local similarity, deep prior, image compressive sensing

0

0

0

0

1:01

30/11/2020

Bridging Adversarial and Statistical Domain Transfer via Spectral Adaptation Networks

Christoph Raab, Philipp Väth, Peter Meier, Frank-Michael Schleif

Keywords Paper

0

0

0

0

10:07

06/12/2020

A Bayesian Perspective on Training Speed and Model Selection

Clare Lyle, Lisa Schut, Robin Ru and
Yarin Gal, Mark van der Wilk

Keywords Paper

0

0

0

0

3:13

06/12/2020

Maximum-Entropy Adversarial Data Augmentation for Improved Generalization and Robustness

Long Zhao, Ting Liu, Xi Peng, Dimitris Metaxas

Keywords Paper

0

0

0

0

3:22

14/06/2020

When NAS Meets Robustness: In Search of Robust Architectures Against Adversarial Attacks

Minghao Guo, Yuzhe Yang, Rui Xu and
Ziwei Liu, Dahua Lin

Keywords Paper

adversarial robustness, neural architecture search, adversarial examples, deep learning architectures, adversarial attacks

0

0

0

0

1:01

06/12/2020

Hold me tight! Influence of discriminative features on deep network boundaries

Guillermo Ortiz-Jimenez, Apostolos Modas, Seyed Moosavi-Dezfooli, Pascal Frossard

Keywords Paper

0

1

0

0

3:18

06/12/2020

Spectra of the Conjugate Kernel and Neural Tangent Kernel for linear-width neural networks

Zhou Fan, Zhichao Wang

Keywords Paper

0

0

0

0

3:25

06/12/2020

Adapting Neural Architectures Between Domains

Yanxi Li, Zhaohui Yang, Yunhe Wang, Chang Xu

Keywords Paper

0

0

0

0

3:20

06/12/2021

Adversarial Feature Desensitization

Pouya Bashivan, Reza Bayat, Adam Ibrahim and
Kartik Ahuja, Mojtaba Faramarzi, Touraj Laleh, Blake Richards, Irina Rish

Keywords Paper

deep learning, robustness, adversarial robustness and security, domain adaptation

0

0

0

0

13:27

14/06/2020

Learn2Perturb: An End-to-End Feature Perturbation Learning to Improve Adversarial Robustness

Ahmadreza Jeddi, Mohammad Javad Shafiee, Michelle Karg and
Christian Scharfenberger, Alexander Wong

Keywords Paper

adversarial robustness, network randomization, alternative back-propagation, trainable noise, adversarial training

0

0

0

0

1:01

18/07/2021

On the Implicit Bias of Initialization Shape: Beyond Infinitesimal Mirror Descent

Shahar Azulay, Edward Moroshko, Mor Shpigel Nacson and
Blake Woodworth, Nati Srebro, Amir Globerson, Daniel Soudry

Keywords Paper

, Probabilistic Methods, MCMC, Theory, Deep learning Theory

0

0

0

0

15:38

06/12/2021

Robust Implicit Networks via Non-Euclidean Contractions

Saber Jafarpour, Alexander Davydov, Anton Proskurnikov, Francesco Bullo

Keywords Paper

theory, deep learning, machine learning, robustness, vision

0

0

0

0

14:59

26/04/2020

Implicit Bias of Gradient Descent based Adversarial Training on Separable Data

Yan Li, Ethan X.Fang, Huan Xu, Tuo Zhao

Keywords Paper

implicit bias, adversarial training, robustness, gradient descent

0

0

0

0

4:53

03/05/2021

Improving Adversarial Robustness via Channel-wise Activation Suppressing

Yang Bai, Yuyuan Zeng, Yong Jiang and
Shu-Tao Xia, Daniel Ma, Yisen Wang

Keywords Paper

channel suppressing, Adversarial robustness, activation strategy.

0

0

0

0

15:53

02/02/2021

Towards Trustworthy Predictions from Deep Neural Networks with Fast Adversarial Calibration

Christian Tomani, Florian Buettner

Keywords Paper

0

1

0

0

15:26

06/12/2021

$(\textrm{Implicit})^2$: Implicit Layers for Implicit Representations

Zhichun Huang, Shaojie Bai, J. Zico Kolter

Keywords Paper

deep learning, representation learning

1

0

0

1

12:23

03/05/2021

QPLEX: Duplex Dueling Multi-Agent Q-Learning

Jianhao Wang, Zhizhou Ren, Terry Liu and
Yang Yu, Chongjie Zhang

Keywords Paper

Dueling structure, Value factorization, Multi-agent reinforcement learning

0

0

0

0

4:52

14/06/2020

GP-NAS: Gaussian Process Based Neural Architecture Search

Zhihang Li, Teng Xi, Jiankang Deng and
Gang Zhang, Shengzhao Wen, Ran He

Keywords Paper

neural architecture search, gaussian process, image classification, face recognition

0

0

0

0

0:59

26/04/2020

Smoothness and Stability in GANs

Casey Chu, Kentaro Minami, Kenji Fukumizu

Keywords Paper

generative adversarial networks, stability, smoothness, convex conjugate

0

0

0

0

4:57

09/07/2020

Implicit regularization for deep neural networks driven by an Ornstein-Uhlenbeck like process

Guy Blanc, Neha Gupta, Gregory Valiant, Paul Valiant

Keywords Paper

Neural networks/deep learning, Stochastic optimization

0

0

0

0

12:17

18/07/2021

Sparsifying Networks via Subdifferential Inclusion

Sagar Verma, Jean-Christophe Pesquet

Keywords Paper

Optimization, Convex Optimization

0

0

0

0

5:10

13/04/2021

DebiNet: Debiasing linear models with nonlinear overparameterized neural networks

Shiyun Xu, Zhiqi Bu

Keywords Paper

0

0

0

0

2:56

09/07/2020

Kernel and Rich Regimes in Overparametrized Models

Blake E Woodworth, Suriya Gunasekar, Jason Lee and
Edward Moroshko, Pedro Henrique Pamplona Savarese, Itay Golan, Daniel Soudry, Nathan Srebro

Keywords Paper

Neural networks/deep learning,

0

0

0

0

13:29

03/05/2021

Estimating informativeness of samples with Smooth Unique Information

Hrayr Harutyunyan, Alessandro Achille, Giovanni Paolini and
Orchid Majumder, Avinash Ravichandran, Rahul Bhotika, Stefano Soatto

Keywords Paper

dataset summarization, ntk, stability theory, sample information, information theory

0

0

0

0

6:05