DOI: 10.1145/3488560.3502216 (WSDM Conference Proceedings, extended abstract)

Towards Practical Robustness Evaluation and Robustness Enhancing

Published: 15 February 2022

Abstract

Deep neural networks (DNNs) have been widely applied to various machine learning tasks and have achieved significant performance across multiple domains. However, it is well known that DNNs suffer from severe adversarial vulnerability, which raises great concerns when DNNs are adopted for safety-critical tasks. These concerns have boosted the area of adversarial machine learning, which mainly focuses on evaluating model robustness through adversarial attacks and gaining reliable model performance through adversarial defenses. Within this broad topic, my research work focuses on a practical perspective. Specifically, there are three subtopics: (1) enhancing robustness performance for adversarial learning from a feature perspective; (2) standardized and reliable evaluation of black-box attacks under different settings; (3) building user-friendly adversarial learning tools to help evaluate model robustness. In this research statement, we will mainly focus on these three topics and take this opportunity to share our contributions to the related problems.

Supplementary Material

MOV File (WSDM22-ds06.mov)
DC short presentation, introducing DeepRobust, which is an adversarial learning library.


    Published In

    WSDM '22: Proceedings of the Fifteenth ACM International Conference on Web Search and Data Mining
    February 2022
    1690 pages
    ISBN:9781450391320
    DOI:10.1145/3488560

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. adversarial attack
    2. deep learning
    3. robustness

    Qualifiers

    • Extended-abstract

    Funding Sources

    • Army Research Office (ARO)
    • National Science Foundation (NSF)

    Conference

    WSDM '22

    Acceptance Rates

    Overall Acceptance Rate 498 of 2,863 submissions, 17%
