Feature Statistics with Uncertainty Help Adversarial Robustness

Kavli Affiliate: Ran Wang

First 5 Authors: Ran Wang, Xinlei Zhou, Meng Hu, Rihao Li, Wenhui Wu

Summary:

Despite the remarkable success of deep neural networks (DNNs), the security
threat of adversarial attacks poses a significant challenge to the reliability
of DNNs. In this paper, both theoretically and empirically, we discover a
universal phenomenon that has been neglected in previous works, i.e.,
adversarial attacks tend to shift the distributions of feature statistics.
Motivated by this finding, and by leveraging the advantages of
uncertainty-aware stochastic methods in building robust models efficiently, we
propose an uncertainty-driven feature statistics adjustment module for
robustness enhancement, named Feature Statistics with Uncertainty (FSU). It
randomly resamples channel-wise feature means and standard deviations of
examples from multivariate Gaussian distributions, which helps to reconstruct
the perturbed examples and calibrate the shifted distributions. The calibration
recovers some domain characteristics of the data for classification, thereby
mitigating the influence of perturbations and weakening the ability of attacks
to deceive models. The proposed FSU module has universal applicability in
training, attacking, predicting, and fine-tuning, demonstrating impressive
robustness enhancement ability at a trivial additional time cost. For example,
by fine-tuning the well-established models with FSU, the state-of-the-art
methods achieve up to 17.13% and 34.82% robustness improvement against powerful
AA and CW attacks on benchmark datasets.

