Adversarial Data Robustness via Implicit Neural Representation

20 Sept 2023 (modified: 11 Feb 2024)Submitted to ICLR 2024EveryoneRevisionsBibTeX
Primary Area: societal considerations including fairness, safety, privacy
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Keywords: Adversarial attack, adversarial defense, implicit neural representation
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.
Abstract: Despite its effectiveness, adversarial training requires that users possess a detailed understanding of training settings. However, many common users lack such expertise, making adversarial training impossible and exposing them to potential threats. We propose ``adversarial data robustness'', allowing the data to resist adversarial perturbations. Then, even if adversaries attack those data, these post-attack data can still ensure downstream models' robustness at users' end. This leads to our new setup, where we store the data as a learnable representation via Implicit Neural Representation (INR). Then, we can train such a representation adversarially to achieve data robustness. This paper analyzes the possible attacks to this setup and proposes a defense strategy. We achieve a comparable robustness level without resorting to model-level adversarial training.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.
Supplementary Material: zip
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 2306
Loading