A Novel Approach For Adversarial Robustness

17 Sept 2023 (modified: 11 Feb 2024). Submitted to ICLR 2024.
Primary Area: representation learning for computer vision, audio, language, and other modalities
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Keywords: Adversarial Robustness, Randomized Feature Squeezing
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.
Abstract: Deep learning has made tremendous progress in recent decades; however, deep networks are not robust to adversarial attacks. Perhaps the most effective countermeasure is adversarial training, but it comes at a high computational cost and is impractical in that it requires prior knowledge of the attacker's threat model. In this paper, we propose a novel approach that yields a robust network through standard training on clean images alone, with no knowledge of the attacker's strategy. Essentially, we add a specially designed network input layer that performs randomized feature squeezing, greatly reducing the malicious perturbation. It achieves state-of-the-art robustness simultaneously against unseen $l_1$, $l_2$ and $l_\infty$ attacks, measured in terms of the attacker's computational cost versus the defender's, through just 100/50 epochs of standard training with clean images on CIFAR-10/ImageNet.
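The following is an added illustration, not code from the submission (the page does not describe the layer's actual design): a bit-depth-reduction feature squeezer with a random quantization-grid offset, applied to a constructed 32x32x3 input and an $l_\infty$ perturbation of 2/255, to show how much of the perturbation survives squeezing. The function names, the sample image and the choice of 3-bit squeezing are assumptions made for this example.

```python
"""Randomized feature squeezing as an input layer: an added illustration.

This is NOT the submission's code; the page does not describe its layer's
actual design. It uses the classic bit-depth-reduction squeezer (rounding to
2**bits - 1 steps) with a random grid offset drawn per forward pass, and
measures how much of an l_inf-bounded perturbation survives the squeeze.
All names and the sample image are assumptions made for this example.
"""
import numpy as np


def squeeze(x, bits, offset):
    """Quantize x (floats in [0, 1]) to 2**bits - 1 steps on a grid shifted by offset."""
    levels = 2 ** bits - 1
    return np.clip(np.round((x + offset) * levels) / levels - offset, 0.0, 1.0)


def draw_offset(rng, bits):
    """Defender's per-forward-pass grid offset, uniform over one bin width,
    so a perturbation tuned for one grid position faces a different one next time."""
    return rng.uniform(0.0, 1.0 / (2 ** bits - 1))


def surviving_perturbation(x, x_adv, bits, offset):
    """Squeeze the clean and adversarial inputs under the same offset.
    Returns (fraction of pixels that still differ, largest remaining |difference|)."""
    d = squeeze(x_adv, bits, offset) - squeeze(x, bits, offset)
    return float(np.mean(d != 0.0)), float(np.abs(d).max())


def demo(seed=0, bits=3, eps=2 / 255):
    """Constructed CIFAR-sized input (32x32x3 uniform noise) plus a sign
    perturbation of magnitude eps, i.e. one FGSM-like l_inf step."""
    rng = np.random.default_rng(seed)
    x = rng.uniform(0.0, 1.0, size=(32, 32, 3))          # constructed stand-in image
    delta = eps * np.sign(rng.standard_normal(x.shape))  # constructed l_inf perturbation
    x_adv = np.clip(x + delta, 0.0, 1.0)
    offset = draw_offset(rng, bits)                      # the defender's draw
    frac_changed, max_diff = surviving_perturbation(x, x_adv, bits, offset)
    return {
        "raw_linf": float(np.abs(x_adv - x).max()),  # eps before squeezing
        "fraction_changed": frac_changed,            # about eps * levels of the pixels
        "squeezed_linf": max_diff,                   # one bin width (1/levels) where a flip occurs
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` reports the fraction of pixels whose squeezed value still differs (roughly eps times the number of quantization steps, so a few percent at 2/255 with 3 bits) and the size of the difference where it does survive, which is a full bin width rather than eps: squeezing trades many tiny perturbations for a few larger ones, and the random offset stops an attacker from placing values just across a known bin boundary. Anyone evaluating a defense of this kind should attack it adaptively, averaging over the random offset and passing gradients through the rounding step, since non-differentiable input transforms have been bypassed that way before (Athalye et al., ICML 2018).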
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 798