Defense through diverse directions
Publication
, Conference
Bender, CM; Li, Y; Shi, Y; Reiter, MK; Oliva, JB
Published in: 37th International Conference on Machine Learning, ICML 2020
January 1, 2020
In this work we develop a novel Bayesian neural network methodology to achieve strong adversarial robustness without the need for online adversarial training. Unlike previous efforts in this direction, we do not rely solely on the stochasticity of network weights by minimizing the divergence between the learned parameter distribution and a prior. Instead, we additionally require that the model maintain some expected uncertainty with respect to all input covariates. We demonstrate that by encouraging the network to distribute evenly across inputs, the network becomes less susceptible to localized, brittle features which imparts a natural robustness to targeted perturbations. We show empirical robustness on several benchmark datasets.
Duke Scholars
Published In
37th International Conference on Machine Learning, ICML 2020
Publication Date
January 1, 2020
Volume
PartF168147-1
Start / End Page
733 / 743
Citation
APA
Chicago
ICMJE
MLA
NLM
Bender, C. M., Li, Y., Shi, Y., Reiter, M. K., & Oliva, J. B. (2020). Defense through diverse directions. In 37th International Conference on Machine Learning, ICML 2020 (Vol. PartF168147-1, pp. 733–743).
Published In
37th International Conference on Machine Learning, ICML 2020
Publication Date
January 1, 2020
Volume
PartF168147-1
Start / End Page
733 / 743