Combating Adversaries with Anti-adversaries

Motasem Alfarra; Juan C. Pérez; Ali Thabet; Adel Bibi; Philip H.S. Torr; Bernard Ghanem

doi:10.1609/aaai.v36i6.20545

Combating Adversaries with Anti-adversaries

Motasem Alfarra
, Juan C. Pérez
, Ali Thabet
, Adel Bibi
, Philip H.S. Torr
, Bernard Ghanem

King Abdullah University of Science and Technology
Meta

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

21 Citas (Scopus)

Resumen

Deep neural networks are vulnerable to small input perturbations known as adversarial attacks. Inspired by the fact that these adversaries are constructed by iteratively minimizing the confidence of a network for the true class label, we propose the anti-adversary layer, aimed at countering this effect. In particular, our layer generates an input perturbation in the opposite direction of the adversarial one and feeds the classifier a perturbed version of the input. Our approach is training-free and theoretically supported. We verify the effectiveness of our approach by combining our layer with both nominally and robustly trained models and conduct large-scale experiments from black-box to adaptive attacks on CIFAR10, CIFAR100, and ImageNet. Our layer significantly enhances model robustness while coming at no cost on clean accuracy.

Idioma original	Inglés
Título de la publicación alojada	AAAI-22 Technical Tracks 6
Editorial	Association for the Advancement of Artificial Intelligence
Páginas	5992-6000
Número de páginas	9
ISBN (versión digital)	1577358767, 9781577358763
DOI	https://doi.org/10.1609/aaai.v36i6.20545
Estado	Publicada - 30 jun 2022
Publicado de forma externa	Sí
Evento	36th AAAI Conference on Artificial Intelligence, AAAI 2022 - Virtual, Online Duración: 22 feb 2022 → 1 mar 2022

Serie de la publicación

Nombre	Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022
Volumen	36

Conferencia

Conferencia	36th AAAI Conference on Artificial Intelligence, AAAI 2022
Ciudad	Virtual, Online
Período	22/02/22 → 1/03/22

Acceder al documento

10.1609/aaai.v36i6.20545

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

@inproceedings{54435b727a2f40808365aed790d997bf,

title = "Combating Adversaries with Anti-adversaries",

abstract = "Deep neural networks are vulnerable to small input perturbations known as adversarial attacks. Inspired by the fact that these adversaries are constructed by iteratively minimizing the confidence of a network for the true class label, we propose the anti-adversary layer, aimed at countering this effect. In particular, our layer generates an input perturbation in the opposite direction of the adversarial one and feeds the classifier a perturbed version of the input. Our approach is training-free and theoretically supported. We verify the effectiveness of our approach by combining our layer with both nominally and robustly trained models and conduct large-scale experiments from black-box to adaptive attacks on CIFAR10, CIFAR100, and ImageNet. Our layer significantly enhances model robustness while coming at no cost on clean accuracy.",

author = "Motasem Alfarra and P{\'e}rez, \{Juan C.\} and Ali Thabet and Adel Bibi and Torr, \{Philip H.S.\} and Bernard Ghanem",

note = "Publisher Copyright: Copyright {\textcopyright} 2022, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.; 36th AAAI Conference on Artificial Intelligence, AAAI 2022 ; Conference date: 22-02-2022 Through 01-03-2022",

year = "2022",

month = jun,

day = "30",

doi = "10.1609/aaai.v36i6.20545",

language = "English",

series = "Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022",

publisher = "Association for the Advancement of Artificial Intelligence",

pages = "5992--6000",

booktitle = "AAAI-22 Technical Tracks 6",

}

Alfarra, M, Pérez, JC, Thabet, A, Bibi, A, Torr, PHS & Ghanem, B 2022, Combating Adversaries with Anti-adversaries. En AAAI-22 Technical Tracks 6. Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022, vol. 36, Association for the Advancement of Artificial Intelligence, pp. 5992-6000, 36th AAAI Conference on Artificial Intelligence, AAAI 2022, Virtual, Online, 22/02/22. https://doi.org/10.1609/aaai.v36i6.20545

Combating Adversaries with Anti-adversaries. / Alfarra, Motasem; Pérez, Juan C.; Thabet, Ali et al.
AAAI-22 Technical Tracks 6. Association for the Advancement of Artificial Intelligence, 2022. p. 5992-6000 (Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022; Vol. 36).

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

TY - GEN

T1 - Combating Adversaries with Anti-adversaries

AU - Alfarra, Motasem

AU - Pérez, Juan C.

AU - Thabet, Ali

AU - Bibi, Adel

AU - Torr, Philip H.S.

AU - Ghanem, Bernard

PY - 2022/6/30

Y1 - 2022/6/30

N2 - Deep neural networks are vulnerable to small input perturbations known as adversarial attacks. Inspired by the fact that these adversaries are constructed by iteratively minimizing the confidence of a network for the true class label, we propose the anti-adversary layer, aimed at countering this effect. In particular, our layer generates an input perturbation in the opposite direction of the adversarial one and feeds the classifier a perturbed version of the input. Our approach is training-free and theoretically supported. We verify the effectiveness of our approach by combining our layer with both nominally and robustly trained models and conduct large-scale experiments from black-box to adaptive attacks on CIFAR10, CIFAR100, and ImageNet. Our layer significantly enhances model robustness while coming at no cost on clean accuracy.

AB - Deep neural networks are vulnerable to small input perturbations known as adversarial attacks. Inspired by the fact that these adversaries are constructed by iteratively minimizing the confidence of a network for the true class label, we propose the anti-adversary layer, aimed at countering this effect. In particular, our layer generates an input perturbation in the opposite direction of the adversarial one and feeds the classifier a perturbed version of the input. Our approach is training-free and theoretically supported. We verify the effectiveness of our approach by combining our layer with both nominally and robustly trained models and conduct large-scale experiments from black-box to adaptive attacks on CIFAR10, CIFAR100, and ImageNet. Our layer significantly enhances model robustness while coming at no cost on clean accuracy.

UR - https://www.scopus.com/pages/publications/85135852502

U2 - 10.1609/aaai.v36i6.20545

DO - 10.1609/aaai.v36i6.20545

M3 - Conference contribution

AN - SCOPUS:85135852502

T3 - Proceedings of the 36th AAAI Conference on Artificial Intelligence, AAAI 2022

SP - 5992

EP - 6000

BT - AAAI-22 Technical Tracks 6

PB - Association for the Advancement of Artificial Intelligence

T2 - 36th AAAI Conference on Artificial Intelligence, AAAI 2022

Y2 - 22 February 2022 through 1 March 2022

ER -

Combating Adversaries with Anti-adversaries

Resumen

Serie de la publicación

Conferencia

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto