Enhancing Adversarial Robustness via Test-time Transformation Ensembling

Juan C. Perez; Motasem Alfarra; Guillaume Jeanneret; Laura Rueda; Ali Thabet; Bernard Ghanem; Pablo Arbelaez

doi:10.1109/ICCVW54120.2021.00015

Enhancing Adversarial Robustness via Test-time Transformation Ensembling

Juan C. Perez
, Motasem Alfarra
, Guillaume Jeanneret
, Laura Rueda
, Ali Thabet
, Bernard Ghanem
, Pablo Arbelaez

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

26 Citas (Scopus)

Resumen

Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.

Idioma original	Inglés
Título de la publicación alojada	Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021
Editorial	Institute of Electrical and Electronics Engineers Inc.
Páginas	81-91
Número de páginas	11
ISBN (versión digital)	9781665401913
DOI	https://doi.org/10.1109/ICCVW54120.2021.00015
Estado	Publicada - 2021
Publicado de forma externa	Sí
Evento	18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021 - Virtual, Online, Canadá Duración: 11 oct 2021 → 17 oct 2021

Serie de la publicación

Nombre	Proceedings of the IEEE International Conference on Computer Vision
Volumen	2021-October
ISSN (versión impresa)	1550-5499
ISSN (versión digital)	2380-7504

Conferencia

Conferencia	18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021
País/Territorio	Canadá
Ciudad	Virtual, Online
Período	11/10/21 → 17/10/21

Acceder al documento

10.1109/ICCVW54120.2021.00015

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

Perez, J. C., Alfarra, M., Jeanneret, G., Rueda, L., Thabet, A., Ghanem, B., & Arbelaez, P. (2021). Enhancing Adversarial Robustness via Test-time Transformation Ensembling. En Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021 (pp. 81-91). (Proceedings of the IEEE International Conference on Computer Vision; Vol. 2021-October). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCVW54120.2021.00015

Perez, Juan C. ; Alfarra, Motasem ; Jeanneret, Guillaume et al. / Enhancing Adversarial Robustness via Test-time Transformation Ensembling. Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 81-91 (Proceedings of the IEEE International Conference on Computer Vision).

@inproceedings{c3c649703edf4acbbef87aceb35f407f,

title = "Enhancing Adversarial Robustness via Test-time Transformation Ensembling",

abstract = "Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.",

author = "Perez, \{Juan C.\} and Motasem Alfarra and Guillaume Jeanneret and Laura Rueda and Ali Thabet and Bernard Ghanem and Pablo Arbelaez",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021 ; Conference date: 11-10-2021 Through 17-10-2021",

year = "2021",

doi = "10.1109/ICCVW54120.2021.00015",

language = "English",

series = "Proceedings of the IEEE International Conference on Computer Vision",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "81--91",

booktitle = "Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021",

address = "United States",

}

Perez, JC, Alfarra, M, Jeanneret, G, Rueda, L, Thabet, A, Ghanem, B & Arbelaez, P 2021, Enhancing Adversarial Robustness via Test-time Transformation Ensembling. En Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021. Proceedings of the IEEE International Conference on Computer Vision, vol. 2021-October, Institute of Electrical and Electronics Engineers Inc., pp. 81-91, 18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021, Virtual, Online, Canadá, 11/10/21. https://doi.org/10.1109/ICCVW54120.2021.00015

Enhancing Adversarial Robustness via Test-time Transformation Ensembling. / Perez, Juan C.; Alfarra, Motasem; Jeanneret, Guillaume et al.
Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 81-91 (Proceedings of the IEEE International Conference on Computer Vision; Vol. 2021-October).

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

TY - GEN

T1 - Enhancing Adversarial Robustness via Test-time Transformation Ensembling

AU - Perez, Juan C.

AU - Alfarra, Motasem

AU - Jeanneret, Guillaume

AU - Rueda, Laura

AU - Thabet, Ali

AU - Ghanem, Bernard

AU - Arbelaez, Pablo

PY - 2021

Y1 - 2021

N2 - Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.

AB - Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.

UR - https://www.scopus.com/pages/publications/85122450860

U2 - 10.1109/ICCVW54120.2021.00015

DO - 10.1109/ICCVW54120.2021.00015

M3 - Conference contribution

AN - SCOPUS:85122450860

T3 - Proceedings of the IEEE International Conference on Computer Vision

SP - 81

EP - 91

BT - Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021

Y2 - 11 October 2021 through 17 October 2021

ER -

Perez JC, Alfarra M, Jeanneret G, Rueda L, Thabet A, Ghanem B et al. Enhancing Adversarial Robustness via Test-time Transformation Ensembling. En Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 81-91. (Proceedings of the IEEE International Conference on Computer Vision). doi: 10.1109/ICCVW54120.2021.00015

Enhancing Adversarial Robustness via Test-time Transformation Ensembling

Resumen

Serie de la publicación

Conferencia

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto