Keywords: adversarial attacks, adversarial defense, stochasticity
TL;DR: We propose a novel adversarial defense method that introduces stochasticity during downsampling to improve the i.i.d. vs. robustness trade-off.
Abstract: The well-known vulnerability of Neural Networks to adversarial attacks is concerning, more so with the increasing reliance on them for real-world applications like autonomous driving, medical imaging, and others.
Multiple previous works have proposed defense methods against adversarial attacks, including adversarial training, adding random noise to images, frequency pooling, and others.
We observe from several such works that there are two main paradigms for mitigating adversarial attacks.
First, effective downsampling leads to learning better feature representations during training, thus improving the performance on attacked and non-attacked samples.
However, these methods are expensive.
Second, perturbing samples, for example with random noise, helps mitigate adversarial attacks because the perturbations stymie the flow of gradients used to optimize the attacks.
However, these methods lower the network's performance on non-attacked samples.
Thus, in this work, we combine the best of both strategies to propose a novel Monte-Carlo sampling-based approach for downsampling called Stochastic Downsampling.
We combine bilinear interpolation with Monte Carlo integration for performing downsampling.
This helps us mitigate adversarial attacks while preserving the performance of non-attacked samples, thus increasing reliability.
Our proposed Stochastic Downsampling operator can easily be integrated into any existing architecture, including adversarially pre-trained networks, with some finetuning.
We show the effectiveness of Stochastic Downsampling over multiple image classification datasets using different network architectures with different training strategies.
We provide the code for performing Stochastic Downsampling here: Anonymous GitHub Repository (https://anonymous.4open.science/r/stochastic-downsampling/).
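As an added example (not the paper's code, which lives at the repository linked above), here is one plausible NumPy realization of the operator the abstract sketches: each output pixel is the Monte Carlo average of the bilinearly interpolated input at uniformly random positions inside that pixel's footprint. The sampling geometry, the border clamping and the `seed` parameter are assumptions made for illustration.

```python
import numpy as np

def make_ramp(h, w):
    """Constructed sample input: a horizontal intensity ramp img[y, x] = x."""
    return np.tile(np.arange(w, dtype=float), (h, 1))

def bilinear_sample(img, ys, xs):
    """Bilinearly interpolate a 2-D image at continuous coordinates.
    Pixel centres sit at integer coordinates; out-of-range coordinates are
    clamped to the border (assumed boundary handling)."""
    H, W = img.shape
    ys = np.clip(ys, 0.0, H - 1.0)
    xs = np.clip(xs, 0.0, W - 1.0)
    y0, x0 = np.floor(ys).astype(int), np.floor(xs).astype(int)
    y1, x1 = np.minimum(y0 + 1, H - 1), np.minimum(x0 + 1, W - 1)
    wy, wx = ys - y0, xs - x0
    return ((1 - wy) * (1 - wx) * img[y0, x0] + (1 - wy) * wx * img[y0, x1]
            + wy * (1 - wx) * img[y1, x0] + wy * wx * img[y1, x1])

def stochastic_downsample(img, factor, n_samples, seed=None):
    """Monte Carlo estimate of the mean of the bilinear interpolant over each
    factor x factor output cell.  Fresh sample positions are drawn on every
    call, so two forward passes over the same input give different outputs."""
    rng = np.random.default_rng(seed)
    H, W = img.shape
    Ho, Wo = H // factor, W // factor
    # Continuous footprint of output cell (i, j): [i*f - 0.5, (i+1)*f - 0.5)
    oy = (np.arange(Ho) * factor - 0.5)[:, None, None]
    ox = (np.arange(Wo) * factor - 0.5)[None, :, None]
    ys = oy + rng.uniform(0.0, factor, size=(Ho, Wo, n_samples))
    xs = ox + rng.uniform(0.0, factor, size=(Ho, Wo, n_samples))
    return bilinear_sample(img, ys, xs).mean(axis=-1)

def average_pool(img, factor):
    """Deterministic baseline.  On a linear ramp the stochastic estimate
    equals this in expectation for cells away from the image border."""
    H, W = img.shape
    Ho, Wo = H // factor, W // factor
    return img[:Ho * factor, :Wo * factor].reshape(Ho, factor, Wo, factor).mean(axis=(1, 3))

if __name__ == "__main__":
    img = make_ramp(8, 8)
    print(average_pool(img, 2))                        # exact cell means
    print(stochastic_downsample(img, 2, 16, seed=0))   # noisy estimate, varies per call
```

Increasing `n_samples` shrinks the estimator's variance toward the deterministic baseline, so it trades off how much stochasticity the operator injects against how closely it tracks a standard pooling layer.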
Primary Area: other topics in machine learning (i.e., none of the above)
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2025/AuthorGuide.
Reciprocal Reviewing: I understand the reciprocal reviewing requirement as described on https://iclr.cc/Conferences/2025/CallForPapers. If none of the authors are registered as a reviewer, it may result in a desk rejection at the discretion of the program chairs. To request an exception, please complete this form at https://forms.gle/Huojr6VjkFxiQsUp6.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors’ identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 1058