Improving adversarial robustness by learning shared information
- Author
- Yu, Xi; Smedemark-Margulies, Niklas; Aeron, Shuchin; Koike-Akino, Toshiaki; Moulin, Pierre; Brand, Matthew; Parsons, Kieran; Wang, Ye
- Subjects
- Artificial neural networks
- Abstract
- • Inspired by multi-view representation learning, we propose a scheme casting adversarial examples as a secondary view. • We propose and analyze a loss for learning representations with shared information between clean and adversarial samples. • We demonstrate that our method achieves improved robust vs. natural accuracy tradeoffs over several attacks and datasets.

  We consider the problem of improving the adversarial robustness of neural networks while retaining natural accuracy. Motivated by the multi-view information bottleneck formalism, we seek to learn a representation that captures the shared information between clean samples and their corresponding adversarial samples while discarding these samples' view-specific information. We show that this approach leads to a novel multi-objective loss function, and we provide mathematical motivation for its components toward improving the robust vs. natural accuracy tradeoff. We demonstrate an enhanced tradeoff compared to current state-of-the-art methods through extensive evaluation on various benchmark image datasets and architectures. Ablation studies indicate that learning shared representations is key to improving performance. [ABSTRACT FROM AUTHOR]
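The abstract does not give the loss itself, but the idea of a multi-objective loss that trains on both the clean and adversarial views while discarding view-specific information can be illustrated with a minimal numpy sketch. This is a hypothetical instantiation, not the authors' loss: the function names (`shared_info_loss`, `sym_kl`) and the choice of a symmetric-KL consistency term between the two views' predictive distributions are assumptions for illustration only.

```python
import numpy as np

def softmax(z):
    # numerically stable softmax over the last axis
    z = z - z.max(axis=-1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=-1, keepdims=True)

def cross_entropy(p_model, y):
    # mean negative log-likelihood of the true labels y
    return -np.mean(np.log(p_model[np.arange(len(y)), y] + 1e-12))

def sym_kl(p, q):
    # symmetric KL divergence between two batches of distributions
    kl_pq = np.sum(p * (np.log(p + 1e-12) - np.log(q + 1e-12)), axis=-1)
    kl_qp = np.sum(q * (np.log(q + 1e-12) - np.log(p + 1e-12)), axis=-1)
    return np.mean(kl_pq + kl_qp)

def shared_info_loss(logits_clean, logits_adv, y, lam=1.0):
    """Hypothetical multi-objective loss: classify correctly on both
    views, and penalize disagreement between the clean and adversarial
    predictive distributions (i.e., view-specific information)."""
    p_clean = softmax(logits_clean)
    p_adv = softmax(logits_adv)
    return (cross_entropy(p_clean, y)
            + cross_entropy(p_adv, y)
            + lam * sym_kl(p_clean, p_adv))
```

When the two views produce identical logits the consistency term vanishes, so the weight `lam` only affects training when the adversarial view disagrees with the clean view.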
- Published
- 2023