Weight-covariance alignment for adversarially robust neural networks

Panagiotis Eustratiadis; Henry Gouk; Da Li; Timothy Hospedales

Weight-covariance alignment for adversarially robust neural networks

Panagiotis Eustratiadis, Henry Gouk, Da Li, Timothy Hospedales

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Stochastic Neural Networks (SNNs) that inject noise into their hidden layers have recently been shown to achieve strong robustness against adversarial attacks. However, existing SNNs are usually heuristically motivated, and often rely on adversarial training, which is computationally costly. We propose a new SNN that achieves state-of-the-art performance without relying on adversarial training, and enjoys solid theoretical justification. Specifically, while existing SNNs inject learned or hand-tuned isotropic noise, our SNN learns an anisotropic noise distribution to optimize a learning-theoretic bound on adversarial robustness. We evaluate our method on a number of popular benchmarks, show that it can be applied to different architectures, and that it provides robustness to a variety of white-box and black-box attacks, while being simple and fast to train compared to existing alternatives.

Original language	English
Title of host publication	Proceedings of the 38th International Conference on Machine Learning
Editors	Marina Meila, Tong Zhang
Publisher	PMLR
Pages	3047-3056
Number of pages	10
Publication status	Published - 18 Jul 2021
Event	Thirty-eighth International Conference on Machine Learning - Online Duration: 18 Jul 2021 → 24 Jul 2021 https://icml.cc/

Publication series

Name	Proceedings of Machine Learning Research
Publisher	PMLR
Volume	139
ISSN (Electronic)	2640-3498

Conference

Conference	Thirty-eighth International Conference on Machine Learning
Abbreviated title	ICML 2021
Period	18/07/21 → 24/07/21
Internet address	https://icml.cc/

Access to Document

Weight-Covariance Alignment_EUSTRATIADIS_DOA08052021_VOR_CC_BYFinal published version, 3.39 MBLicence: Creative Commons: Attribution (CC-BY)

https://proceedings.mlr.press/v139/eustratiadis21a.htmlLicence: Creative Commons: Attribution (CC-BY)

Signal Processing in the Information Age
Davies, M., Hopgood, J., Hospedales, T., Mulgrew, B., Thompson, J., Tsaftaris, S. & Yaghoobi Vaighan, M.
EPSRC
1/07/18 → 31/03/24
Project: Research

Cite this

@inproceedings{17c11ca472f84e41834cd4fa59ddfb55,

title = "Weight-covariance alignment for adversarially robust neural networks",

abstract = "Stochastic Neural Networks (SNNs) that inject noise into their hidden layers have recently been shown to achieve strong robustness against adversarial attacks. However, existing SNNs are usually heuristically motivated, and often rely on adversarial training, which is computationally costly. We propose a new SNN that achieves state-of-the-art performance without relying on adversarial training, and enjoys solid theoretical justification. Specifically, while existing SNNs inject learned or hand-tuned isotropic noise, our SNN learns an anisotropic noise distribution to optimize a learning-theoretic bound on adversarial robustness. We evaluate our method on a number of popular benchmarks, show that it can be applied to different architectures, and that it provides robustness to a variety of white-box and black-box attacks, while being simple and fast to train compared to existing alternatives.",

author = "Panagiotis Eustratiadis and Henry Gouk and Da Li and Timothy Hospedales",

year = "2021",

month = jul,

day = "18",

language = "English",

series = "Proceedings of Machine Learning Research",

publisher = "PMLR",

pages = "3047--3056",

editor = "Marina Meila and Tong Zhang",

booktitle = "Proceedings of the 38th International Conference on Machine Learning",

note = "Thirty-eighth International Conference on Machine Learning, ICML 2021 ; Conference date: 18-07-2021 Through 24-07-2021",

url = "https://icml.cc/",

}

Eustratiadis, P, Gouk, H, Li, D & Hospedales, T 2021, Weight-covariance alignment for adversarially robust neural networks. in M Meila & T Zhang (eds), Proceedings of the 38th International Conference on Machine Learning. Proceedings of Machine Learning Research, vol. 139, PMLR, pp. 3047-3056, Thirty-eighth International Conference on Machine Learning, 18/07/21. <https://proceedings.mlr.press/v139/eustratiadis21a.html>

Weight-covariance alignment for adversarially robust neural networks. / Eustratiadis, Panagiotis; Gouk, Henry; Li, Da et al.
Proceedings of the 38th International Conference on Machine Learning. ed. / Marina Meila; Tong Zhang. PMLR, 2021. p. 3047-3056 (Proceedings of Machine Learning Research; Vol. 139).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Weight-covariance alignment for adversarially robust neural networks

AU - Eustratiadis, Panagiotis

AU - Gouk, Henry

AU - Li, Da

AU - Hospedales, Timothy

PY - 2021/7/18

Y1 - 2021/7/18

N2 - Stochastic Neural Networks (SNNs) that inject noise into their hidden layers have recently been shown to achieve strong robustness against adversarial attacks. However, existing SNNs are usually heuristically motivated, and often rely on adversarial training, which is computationally costly. We propose a new SNN that achieves state-of-the-art performance without relying on adversarial training, and enjoys solid theoretical justification. Specifically, while existing SNNs inject learned or hand-tuned isotropic noise, our SNN learns an anisotropic noise distribution to optimize a learning-theoretic bound on adversarial robustness. We evaluate our method on a number of popular benchmarks, show that it can be applied to different architectures, and that it provides robustness to a variety of white-box and black-box attacks, while being simple and fast to train compared to existing alternatives.

AB - Stochastic Neural Networks (SNNs) that inject noise into their hidden layers have recently been shown to achieve strong robustness against adversarial attacks. However, existing SNNs are usually heuristically motivated, and often rely on adversarial training, which is computationally costly. We propose a new SNN that achieves state-of-the-art performance without relying on adversarial training, and enjoys solid theoretical justification. Specifically, while existing SNNs inject learned or hand-tuned isotropic noise, our SNN learns an anisotropic noise distribution to optimize a learning-theoretic bound on adversarial robustness. We evaluate our method on a number of popular benchmarks, show that it can be applied to different architectures, and that it provides robustness to a variety of white-box and black-box attacks, while being simple and fast to train compared to existing alternatives.

M3 - Conference contribution

T3 - Proceedings of Machine Learning Research

SP - 3047

EP - 3056

BT - Proceedings of the 38th International Conference on Machine Learning

A2 - Meila, Marina

A2 - Zhang, Tong

PB - PMLR

T2 - Thirty-eighth International Conference on Machine Learning

Y2 - 18 July 2021 through 24 July 2021

ER -

Weight-covariance alignment for adversarially robust neural networks

Abstract

Publication series

Conference

Access to Document

Fingerprint

Projects

Signal Processing in the Information Age

Cite this