Feature Statistics with Uncertainty Help Adversarial Robustness

Kavli Affiliate: Ran Wang

First 5 Authors: Ran Wang, Xinlei Zhou, Rihao Li, Meng Hu, Wenhui Wu

Summary:

Despite the remarkable success of deep neural networks (DNNs), the security
threat of adversarial attacks poses a significant challenge to the reliability
of DNNs. By introducing randomness into different parts of DNNs, stochastic
methods can enable the model to learn some uncertainty, thereby improving model
robustness efficiently. In this paper, we theoretically discover a universal
phenomenon that adversarial attacks will shift the distributions of feature
statistics. Motivated by this theoretical finding, we propose a robustness
enhancement module called Feature Statistics with Uncertainty (FSU). It
resamples channel-wise feature means and standard deviations of examples from
multivariate Gaussian distributions, which helps to reconstruct the attacked
examples and calibrate the shifted distributions. The calibration recovers some
domain characteristics of the data for classification, thereby mitigating the
influence of perturbations and weakening the ability of attacks to deceive
models. The proposed FSU module has universal applicability in training,
attacking, predicting and fine-tuning, demonstrating impressive robustness
enhancement ability at trivial additional time cost. For example, against
powerful optimization-based CW attacks, by incorporating FSU into attacking and
predicting phases, it endows many collapsed state-of-the-art models with
50%-80% robust accuracy on CIFAR10, CIFAR100 and SVHN.

Search Query: ArXiv Query: search_query=au:"Ran Wang"&id_list=&start=0&max_results=3
