Improving adversarial robustness by learning shared information

Xi Yu; Niklas Smedemark-Margulies; Shuchin Aeron; Toshiaki Koike-Akino; Pierre Moulin; Matthew Brand; Kieran Parsons; Ye Wang

doi:10.1016/j.patcog.2022.109054

Improving adversarial robustness by learning shared information

Xi Yu, Niklas Smedemark-Margulies, Shuchin Aeron, Toshiaki Koike-Akino, Pierre Moulin, Matthew Brand, Kieran Parsons, Ye Wang

Research output: Contribution to journal › Article › peer-review

Abstract

We consider the problem of improving the adversarial robustness of neural networks while retaining natural accuracy. Motivated by the multi-view information bottleneck formalism, we seek to learn a representation that captures the shared information between clean samples and their corresponding adversarial samples while discarding these samples’ view-specific information. We show that this approach leads to a novel multi-objective loss function, and we provide mathematical motivation for its components towards improving the robust vs. natural accuracy tradeoff. We demonstrate enhanced tradeoff compared to current state-of-the-art methods with extensive evaluation on various benchmark image datasets and architectures. Ablation studies indicate that learning shared representations is key to improving performance.

Original language	English (US)
Article number	109054
Journal	Pattern Recognition
Volume	134
DOIs	https://doi.org/10.1016/j.patcog.2022.109054
State	Published - Feb 2023

Keywords

Adversarial robustness
Information bottleneck
Multi-view learning
Shared information

ASJC Scopus subject areas

Software
Signal Processing
Computer Vision and Pattern Recognition
Artificial Intelligence

Online availability

10.1016/j.patcog.2022.109054

Library availability

Discover UIUC Full Text

Cite this

@article{812271a9090e428099d0014c39db80c0,

title = "Improving adversarial robustness by learning shared information",

abstract = "We consider the problem of improving the adversarial robustness of neural networks while retaining natural accuracy. Motivated by the multi-view information bottleneck formalism, we seek to learn a representation that captures the shared information between clean samples and their corresponding adversarial samples while discarding these samples{\textquoteright} view-specific information. We show that this approach leads to a novel multi-objective loss function, and we provide mathematical motivation for its components towards improving the robust vs. natural accuracy tradeoff. We demonstrate enhanced tradeoff compared to current state-of-the-art methods with extensive evaluation on various benchmark image datasets and architectures. Ablation studies indicate that learning shared representations is key to improving performance.",

keywords = "Adversarial robustness, Information bottleneck, Multi-view learning, Shared information",

author = "Xi Yu and Niklas Smedemark-Margulies and Shuchin Aeron and Toshiaki Koike-Akino and Pierre Moulin and Matthew Brand and Kieran Parsons and Ye Wang",

note = "Publisher Copyright: {\textcopyright} 2022 Elsevier Ltd",

year = "2023",

month = feb,

doi = "10.1016/j.patcog.2022.109054",

language = "English (US)",

volume = "134",

journal = "Pattern Recognition",

issn = "0031-3203",

publisher = "Elsevier Ltd",

}

TY - JOUR

T1 - Improving adversarial robustness by learning shared information

AU - Yu, Xi

AU - Smedemark-Margulies, Niklas

AU - Aeron, Shuchin

AU - Koike-Akino, Toshiaki

AU - Moulin, Pierre

AU - Brand, Matthew

AU - Parsons, Kieran

AU - Wang, Ye

PY - 2023/2

Y1 - 2023/2

N2 - We consider the problem of improving the adversarial robustness of neural networks while retaining natural accuracy. Motivated by the multi-view information bottleneck formalism, we seek to learn a representation that captures the shared information between clean samples and their corresponding adversarial samples while discarding these samples’ view-specific information. We show that this approach leads to a novel multi-objective loss function, and we provide mathematical motivation for its components towards improving the robust vs. natural accuracy tradeoff. We demonstrate enhanced tradeoff compared to current state-of-the-art methods with extensive evaluation on various benchmark image datasets and architectures. Ablation studies indicate that learning shared representations is key to improving performance.

AB - We consider the problem of improving the adversarial robustness of neural networks while retaining natural accuracy. Motivated by the multi-view information bottleneck formalism, we seek to learn a representation that captures the shared information between clean samples and their corresponding adversarial samples while discarding these samples’ view-specific information. We show that this approach leads to a novel multi-objective loss function, and we provide mathematical motivation for its components towards improving the robust vs. natural accuracy tradeoff. We demonstrate enhanced tradeoff compared to current state-of-the-art methods with extensive evaluation on various benchmark image datasets and architectures. Ablation studies indicate that learning shared representations is key to improving performance.

KW - Adversarial robustness

KW - Information bottleneck

KW - Multi-view learning

KW - Shared information

UR - http://www.scopus.com/inward/record.url?scp=85139051342&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85139051342&partnerID=8YFLogxK

U2 - 10.1016/j.patcog.2022.109054

DO - 10.1016/j.patcog.2022.109054

M3 - Article

AN - SCOPUS:85139051342

SN - 0031-3203

VL - 134

JO - Pattern Recognition

JF - Pattern Recognition

M1 - 109054

ER -

Improving adversarial robustness by learning shared information

Abstract

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this