Enhancing Adversarial Robustness via Test-time Transformation Ensembling

Thumbnail
Name:
Preprintfile1.pdf
Size:
4.185Mb
Format:
PDF
Description:
Pre-print
Download
Type
Conference Paper
Authors
Perez, Juan C.
Alfarra, Motasem
Jeanneret, Guillaume
Rueda, Laura
Thabet, Ali Kassem cc
Ghanem, Bernard cc
Arbelaez, Pablo
KAUST Department
Computer, Electrical and Mathematical Science and Engineering (CEMSE) Division
Electrical and Computer Engineering
Electrical and Computer Engineering Program
GCR - Award Administration
Integrative Activities
Office of Competitive Research Funds
VCC Analytics Research Group
Visual Computing Center (VCC)
Date
2021-10
Permanent link to this record
http://hdl.handle.net/10754/670356

Metadata
Show full item record
Abstract
Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.
Citation
Perez, J. C., Alfarra, M., Jeanneret, G., Rueda, L., Thabet, A., Ghanem, B., & Arbelaez, P. (2021). Enhancing Adversarial Robustness via Test-time Transformation Ensembling. 2021 IEEE/CVF International Conference on Computer Vision Workshops (ICCVW). doi:10.1109/iccvw54120.2021.00015
Sponsors
This work was partially supported by the King Abdullah University of Science and Technology (KAUST) Office of Sponsored Research.
Publisher
IEEE
Conference/Event name
18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021
ISBN
9781665401913
DOI
10.1109/iccvw54120.2021.00015
arXiv
2107.14110
Additional Links
https://ieeexplore.ieee.org/document/9607771/
Collections
Conference Papers; Electrical and Computer Engineering Program; Visual Computing Center (VCC); Computer, Electrical and Mathematical Science and Engineering (CEMSE) Division

Version History

VersionItemEditorDateSummary
210754/670356*Rawan Karsou2022-03-30T09:37:57ZConference Paper
110754/670356.1KAUST Repository2021-08-02T11:24:35Z

*Selected version