Defense Through Diverse Directions
Publication
, Conference
Bender, CM; Li, Y; Shi, Y; Reiter, MK; Oliva, JB
Published in: Proceedings of Machine Learning Research
January 1, 2020
In this work we develop a novel Bayesian neural network methodology to achieve strong adversarial robustness without the need for online adversarial training. Unlike previous efforts in this direction, we do not rely solely on the stochastic-ity of network weights by minimizing the divergence between the learned parameter distribution and a prior. Instead, we additionally require that the model maintain some expected uncertainty with respect to all input covariates. We demonstrate that by encouraging the network to distribute evenly across inputs, the network becomes less susceptible to localized, brittle features which imparts a natural robustness to targeted perturbations. We show empirical robustness on several benchmark datasets.
Duke Scholars
Published In
Proceedings of Machine Learning Research
EISSN
2640-3498
Publication Date
January 1, 2020
Volume
119
Start / End Page
756 / 766
Citation
APA
Chicago
ICMJE
MLA
NLM
Bender, C. M., Li, Y., Shi, Y., Reiter, M. K., & Oliva, J. B. (2020). Defense Through Diverse Directions. In Proceedings of Machine Learning Research (Vol. 119, pp. 756–766).
Bender, C. M., Y. Li, Y. Shi, M. K. Reiter, and J. B. Oliva. “Defense Through Diverse Directions.” In Proceedings of Machine Learning Research, 119:756–66, 2020.
Bender CM, Li Y, Shi Y, Reiter MK, Oliva JB. Defense Through Diverse Directions. In: Proceedings of Machine Learning Research. 2020. p. 756–66.
Bender, C. M., et al. “Defense Through Diverse Directions.” Proceedings of Machine Learning Research, vol. 119, 2020, pp. 756–66.
Bender CM, Li Y, Shi Y, Reiter MK, Oliva JB. Defense Through Diverse Directions. Proceedings of Machine Learning Research. 2020. p. 756–766.
Published In
Proceedings of Machine Learning Research
EISSN
2640-3498
Publication Date
January 1, 2020
Volume
119
Start / End Page
756 / 766