Universal adversarial robustness of texture and shape-biased models

Co, Kenneth T; Muñoz-González, Luis; Kanthan, Leslie; Glocker, Ben; Lupu, Emil C

doi:https://www.dx.doi.org/10.1109/ICIP42928.2021.9506325

File(s)

1911.10364v4.pdf (1.78 MB)

Accepted version

Author(s)

Co, Kenneth T

Muñoz-González, Luis

Kanthan, Leslie

Glocker, Ben

Lupu, Emil C

Type

Conference Paper

Abstract

Increasing shape-bias in deep neural networks has been shown to improve
robustness to common corruptions and noise. In this paper we analyze the
adversarial robustness of texture and shape-biased models to Universal
Adversarial Perturbations (UAPs). We use UAPs to evaluate the robustness of DNN
models with varying degrees of shape-based training. We find that shape-biased
models do not markedly improve adversarial robustness, and we show that
ensembles of texture and shape-biased models can improve universal adversarial
robustness while maintaining strong performance.

Date Issued

2021-08-23

Date Acceptance

2021-05-20

Citation

2021 IEEE International Conference on Image Processing (ICIP), 2021

URI

http://hdl.handle.net/10044/1/91993

DOI

https://www.dx.doi.org/10.1109/ICIP42928.2021.9506325

Journal / Book Title

2021 IEEE International Conference on Image Processing (ICIP)

Copyright Statement

© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Identifier

http://arxiv.org/abs/1911.10364v3

Source

IEEE International Conference on Image Processing (ICIP)

Subjects

cs.CV

Notes

Code available at: https://github.com/kenny-co/sgd-uap-torch

Publication Status

Published

Start Date

2021-09-19

Finish Date

2021-09-22

Coverage Spatial

Anchorage, AK, USA