Optimising Network Architectures for Provable Adversarial Robustness

Henry Gouk; Timothy M Hospedales

doi:10.1109/SSPD47486.2020.9272169

Optimising Network Architectures for Provable Adversarial Robustness

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Existing Lipschitz-based provable defences to adversarial examples only cover the l₂threat model. We introduce the first bound that makes use of Lipschitz continuity to provide a more general guarantee for threat models based on any l_pnorm. Additionally, a new strategy is proposed for designing network architectures that exhibit superior provable adversarial robustness over conventional convolutional neural networks. Experiments are conducted to validate our theoretical contributions, show that the assumptions made during the design of our novel architecture hold in practice, and quantify the empirical robustness of several Lipschitz-based adversarial defence methods.

Original language	English
Title of host publication	2020 Sensor Signal Processing for Defence Conference (SSPD)
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	1-5
Number of pages	5
ISBN (Electronic)	978-1-7281-3810-7
ISBN (Print)	978-1-7281-3811-4
DOIs	https://doi.org/10.1109/SSPD47486.2020.9272169
Publication status	Published - 30 Nov 2020
Event	9th International Conference of the Sensor Signal Processing for Defence - Virtual Conference, United Kingdom Duration: 15 Sep 2020 → 16 Sep 2020 https://sspd.eng.ed.ac.uk/

Conference

Conference	9th International Conference of the Sensor Signal Processing for Defence
Abbreviated title	SSPD 2020
Country/Territory	United Kingdom
City	Virtual Conference
Period	15/09/20 → 16/09/20
Internet address	https://sspd.eng.ed.ac.uk/

Keywords

Artificial Neural Network
Computer Vision

Access to Document

10.1109/SSPD47486.2020.9272169Licence: All Rights Reserved

Optimising Network_GOUK_DOA21072020_AFVAccepted author manuscript, 214 KBLicence: All Rights Reserved

https://ieeexplore.ieee.org/document/9272169Licence: All Rights Reserved

Cite this

@inproceedings{68da266618d446daba9fc06d987b731b,

title = "Optimising Network Architectures for Provable Adversarial Robustness",

abstract = "Existing Lipschitz-based provable defences to adversarial examples only cover the l2 threat model. We introduce the first bound that makes use of Lipschitz continuity to provide a more general guarantee for threat models based on any lp norm. Additionally, a new strategy is proposed for designing network architectures that exhibit superior provable adversarial robustness over conventional convolutional neural networks. Experiments are conducted to validate our theoretical contributions, show that the assumptions made during the design of our novel architecture hold in practice, and quantify the empirical robustness of several Lipschitz-based adversarial defence methods.",

keywords = "Artificial Neural Network, Computer Vision",

author = "Henry Gouk and Hospedales, {Timothy M}",

year = "2020",

month = nov,

day = "30",

doi = "10.1109/SSPD47486.2020.9272169",

language = "English",

isbn = "978-1-7281-3811-4",

pages = "1--5",

booktitle = "2020 Sensor Signal Processing for Defence Conference (SSPD)",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "9th International Conference of the Sensor Signal Processing for Defence , SSPD 2020 ; Conference date: 15-09-2020 Through 16-09-2020",

url = "https://sspd.eng.ed.ac.uk/",

}

Gouk, H & Hospedales, TM 2020, Optimising Network Architectures for Provable Adversarial Robustness. in 2020 Sensor Signal Processing for Defence Conference (SSPD). Institute of Electrical and Electronics Engineers (IEEE), pp. 1-5, 9th International Conference of the Sensor Signal Processing for Defence , Virtual Conference, United Kingdom, 15/09/20. https://doi.org/10.1109/SSPD47486.2020.9272169

TY - GEN

T1 - Optimising Network Architectures for Provable Adversarial Robustness

AU - Gouk, Henry

AU - Hospedales, Timothy M

PY - 2020/11/30

Y1 - 2020/11/30

N2 - Existing Lipschitz-based provable defences to adversarial examples only cover the l2 threat model. We introduce the first bound that makes use of Lipschitz continuity to provide a more general guarantee for threat models based on any lp norm. Additionally, a new strategy is proposed for designing network architectures that exhibit superior provable adversarial robustness over conventional convolutional neural networks. Experiments are conducted to validate our theoretical contributions, show that the assumptions made during the design of our novel architecture hold in practice, and quantify the empirical robustness of several Lipschitz-based adversarial defence methods.

AB - Existing Lipschitz-based provable defences to adversarial examples only cover the l2 threat model. We introduce the first bound that makes use of Lipschitz continuity to provide a more general guarantee for threat models based on any lp norm. Additionally, a new strategy is proposed for designing network architectures that exhibit superior provable adversarial robustness over conventional convolutional neural networks. Experiments are conducted to validate our theoretical contributions, show that the assumptions made during the design of our novel architecture hold in practice, and quantify the empirical robustness of several Lipschitz-based adversarial defence methods.

KW - Artificial Neural Network

KW - Computer Vision

U2 - 10.1109/SSPD47486.2020.9272169

DO - 10.1109/SSPD47486.2020.9272169

M3 - Conference contribution

SN - 978-1-7281-3811-4

SP - 1

EP - 5

BT - 2020 Sensor Signal Processing for Defence Conference (SSPD)

PB - Institute of Electrical and Electronics Engineers (IEEE)

T2 - 9th International Conference of the Sensor Signal Processing for Defence

Y2 - 15 September 2020 through 16 September 2020

ER -

Optimising Network Architectures for Provable Adversarial Robustness

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this