Jacobian Regularization for Mitigating Universal Adversarial Perturbations


Ontology type: schema:Chapter
Open Access: True


Chapter Info

DATE

2021-09-07

AUTHORS

Kenneth T. Co , David Martinez Rego , Emil C. Lupu

ABSTRACT

Universal Adversarial Perturbations (UAPs) are input perturbations that can fool a neural network on large sets of data. They are a class of attacks that represents a significant threat as they facilitate realistic, practical, and low-cost attacks on neural networks. In this work, we derive upper bounds for the effectiveness of UAPs based on norms of data-dependent Jacobians. We empirically verify that Jacobian regularization greatly increases model robustness to UAPs by up to four times whilst maintaining clean performance. Our theoretical analysis also allows us to formulate a metric for the strength of shared adversarial perturbations between pairs of inputs. We apply this metric to benchmark datasets and show that it is highly correlated with the actual observed robustness. This suggests that realistic and practical universal attacks can be reliably mitigated without sacrificing clean accuracy, which shows promise for the robustness of machine learning systems.

PAGES

202-213

Book

TITLE

Artificial Neural Networks and Machine Learning – ICANN 2021

ISBN

978-3-030-86379-1
978-3-030-86380-7

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-86380-7_17

DOI

http://dx.doi.org/10.1007/978-3-030-86380-7_17

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1141036613



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "DataSpartan, EC2Y 9ST, London, UK", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "Imperial College London, SW7 2AZ, London, UK", 
            "DataSpartan, EC2Y 9ST, London, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Co", 
        "givenName": "Kenneth T.", 
        "id": "sg:person.011401131771.67", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011401131771.67"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "DataSpartan, EC2Y 9ST, London, UK", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "DataSpartan, EC2Y 9ST, London, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Rego", 
        "givenName": "David Martinez", 
        "id": "sg:person.011061750057.58", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011061750057.58"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Imperial College London, SW7 2AZ, London, UK", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Imperial College London, SW7 2AZ, London, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lupu", 
        "givenName": "Emil C.", 
        "id": "sg:person.013404167044.28", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404167044.28"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2021-09-07", 
    "datePublishedReg": "2021-09-07", 
    "description": "Universal Adversarial Perturbations (UAPs) are input perturbations that can fool a neural network on large sets of data. They are a class of attacks that represents a significant threat as they facilitate realistic, practical, and low-cost attacks on neural networks. In this work, we derive upper bounds for the effectiveness of UAPs based on norms of data-dependent Jacobians. We empirically verify that Jacobian regularization greatly increases model robustness to UAPs by up\u00a0to four times whilst maintaining clean performance. Our theoretical analysis also allows us to formulate a metric for the strength of shared adversarial perturbations between pairs of inputs. We apply this metric to benchmark datasets and show that it is highly correlated with the actual observed robustness. This suggests that realistic and practical universal attacks can be reliably mitigated without sacrificing clean accuracy, which shows promise for the robustness of machine learning systems.", 
    "editor": [
      {
        "familyName": "Farka\u0161", 
        "givenName": "Igor", 
        "type": "Person"
      }, 
      {
        "familyName": "Masulli", 
        "givenName": "Paolo", 
        "type": "Person"
      }, 
      {
        "familyName": "Otte", 
        "givenName": "Sebastian", 
        "type": "Person"
      }, 
      {
        "familyName": "Wermter", 
        "givenName": "Stefan", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-86380-7_17", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-030-86379-1", 
        "978-3-030-86380-7"
      ], 
      "name": "Artificial Neural Networks and Machine Learning \u2013 ICANN 2021", 
      "type": "Book"
    }, 
    "keywords": [
      "universal adversarial perturbations", 
      "adversarial perturbations", 
      "neural network", 
      "robustness of machine", 
      "class of attacks", 
      "low-cost attack", 
      "Jacobian regularization", 
      "universal attack", 
      "benchmark datasets", 
      "clean accuracy", 
      "pair of input", 
      "model robustness", 
      "input perturbations", 
      "large set", 
      "upper bounds", 
      "attacks", 
      "network", 
      "robustness", 
      "metrics", 
      "theoretical analysis", 
      "observed robustness", 
      "regularization", 
      "perturbations", 
      "machine", 
      "dataset", 
      "Jacobian", 
      "bounds", 
      "accuracy", 
      "set", 
      "significant threat", 
      "input", 
      "performance", 
      "effectiveness", 
      "system", 
      "threat", 
      "class", 
      "work", 
      "data", 
      "clean performance", 
      "norms", 
      "time", 
      "promise", 
      "pairs", 
      "analysis", 
      "strength"
    ], 
    "name": "Jacobian Regularization for Mitigating Universal Adversarial Perturbations", 
    "pagination": "202-213", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1141036613"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-86380-7_17"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-86380-7_17", 
      "https://app.dimensions.ai/details/publication/pub.1141036613"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-09-02T16:15", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220902/entities/gbq_results/chapter/chapter_331.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-86380-7_17"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-86380-7_17'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-86380-7_17'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-86380-7_17'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-86380-7_17'


 

This table displays all metadata directly associated with this object as RDF triples. Subjects are listed once; the indented lines beneath each subject give its predicates, and a line carrying only an object repeats the predicate above it.

137 TRIPLES      22 PREDICATES      69 URIs      62 LITERALS      7 BLANK NODES

Subject    Predicate    Object

sg:pub.10.1007/978-3-030-86380-7_17
    schema:about                anzsrc-for:08
                                anzsrc-for:0801
    schema:author               N020a4e25114f4d78bb95efeb5d3e976c
    schema:datePublished        2021-09-07
    schema:datePublishedReg     2021-09-07
    schema:description          Universal Adversarial Perturbations (UAPs) are input perturbations that can fool a neural network on large sets of data. They are a class of attacks that represents a significant threat as they facilitate realistic, practical, and low-cost attacks on neural networks. In this work, we derive upper bounds for the effectiveness of UAPs based on norms of data-dependent Jacobians. We empirically verify that Jacobian regularization greatly increases model robustness to UAPs by up to four times whilst maintaining clean performance. Our theoretical analysis also allows us to formulate a metric for the strength of shared adversarial perturbations between pairs of inputs. We apply this metric to benchmark datasets and show that it is highly correlated with the actual observed robustness. This suggests that realistic and practical universal attacks can be reliably mitigated without sacrificing clean accuracy, which shows promise for the robustness of machine learning systems.
    schema:editor               Nac93c4f4ed1546d6a44a1a46bcc27e34
    schema:genre                chapter
    schema:isAccessibleForFree  true
    schema:isPartOf             Nd9469e28707e490c82311acd24876068
    schema:keywords             Jacobian
                                Jacobian regularization
                                accuracy
                                adversarial perturbations
                                analysis
                                attacks
                                benchmark datasets
                                bounds
                                class
                                class of attacks
                                clean accuracy
                                clean performance
                                data
                                dataset
                                effectiveness
                                input
                                input perturbations
                                large set
                                low-cost attack
                                machine
                                metrics
                                model robustness
                                network
                                neural network
                                norms
                                observed robustness
                                pair of input
                                pairs
                                performance
                                perturbations
                                promise
                                regularization
                                robustness
                                robustness of machine
                                set
                                significant threat
                                strength
                                system
                                theoretical analysis
                                threat
                                time
                                universal adversarial perturbations
                                universal attack
                                upper bounds
                                work
    schema:name                 Jacobian Regularization for Mitigating Universal Adversarial Perturbations
    schema:pagination           202-213
    schema:productId            N83df4961d4d043a9805aa97382998814
                                N887fc1698ca2412da29d8bf7819b578f
    schema:publisher            N2809fba2ffc7417fae9c9f2ed2df85d0
    schema:sameAs               https://app.dimensions.ai/details/publication/pub.1141036613
                                https://doi.org/10.1007/978-3-030-86380-7_17
    schema:sdDatePublished      2022-09-02T16:15
    schema:sdLicense            https://scigraph.springernature.com/explorer/license/
    schema:sdPublisher          N38085c23f48349498ab89d8c45fc81f1
    schema:url                  https://doi.org/10.1007/978-3-030-86380-7_17
    sgo:license                 sg:explorer/license/
    sgo:sdDataset               chapters
    rdf:type                    schema:Chapter

N020a4e25114f4d78bb95efeb5d3e976c
    rdf:first                   sg:person.011401131771.67
    rdf:rest                    N1944400795ba4753b908dd9cb36d0602

N1944400795ba4753b908dd9cb36d0602
    rdf:first                   sg:person.011061750057.58
    rdf:rest                    N81b5ad51fe634eb9a8f5b7df591d4b6a

N2809fba2ffc7417fae9c9f2ed2df85d0
    schema:name                 Springer Nature
    rdf:type                    schema:Organisation

N38085c23f48349498ab89d8c45fc81f1
    schema:name                 Springer Nature - SN SciGraph project
    rdf:type                    schema:Organization

N3f99d2f2174f4a42838bec895e59a8d4
    schema:familyName           Masulli
    schema:givenName            Paolo
    rdf:type                    schema:Person

N565cf4009d9242c38e2eb159f817b1e7
    schema:familyName           Wermter
    schema:givenName            Stefan
    rdf:type                    schema:Person

N68fe065ba44143039a8b5045e5aa43fd
    schema:familyName           Farkaš
    schema:givenName            Igor
    rdf:type                    schema:Person

N6906b9b077c144a0ba9379a86adc6d1d
    rdf:first                   N565cf4009d9242c38e2eb159f817b1e7
    rdf:rest                    rdf:nil

N7714b18e050a410fb48ca6e14411ad1c
    schema:familyName           Otte
    schema:givenName            Sebastian
    rdf:type                    schema:Person

N81b5ad51fe634eb9a8f5b7df591d4b6a
    rdf:first                   sg:person.013404167044.28
    rdf:rest                    rdf:nil

N83df4961d4d043a9805aa97382998814
    schema:name                 dimensions_id
    schema:value                pub.1141036613
    rdf:type                    schema:PropertyValue

N887fc1698ca2412da29d8bf7819b578f
    schema:name                 doi
    schema:value                10.1007/978-3-030-86380-7_17
    rdf:type                    schema:PropertyValue

Nac93c4f4ed1546d6a44a1a46bcc27e34
    rdf:first                   N68fe065ba44143039a8b5045e5aa43fd
    rdf:rest                    Nfd0fd6021ce24c9da50068b0a108270d

Nc2ebc64036f7447890999af8413e84b9
    rdf:first                   N7714b18e050a410fb48ca6e14411ad1c
    rdf:rest                    N6906b9b077c144a0ba9379a86adc6d1d

Nd9469e28707e490c82311acd24876068
    schema:isbn                 978-3-030-86379-1
                                978-3-030-86380-7
    schema:name                 Artificial Neural Networks and Machine Learning – ICANN 2021
    rdf:type                    schema:Book

Nfd0fd6021ce24c9da50068b0a108270d
    rdf:first                   N3f99d2f2174f4a42838bec895e59a8d4
    rdf:rest                    Nc2ebc64036f7447890999af8413e84b9

anzsrc-for:08
    schema:inDefinedTermSet     anzsrc-for:
    schema:name                 Information and Computing Sciences
    rdf:type                    schema:DefinedTerm

anzsrc-for:0801
    schema:inDefinedTermSet     anzsrc-for:
    schema:name                 Artificial Intelligence and Image Processing
    rdf:type                    schema:DefinedTerm

sg:person.011061750057.58
    schema:affiliation          grid-institutes:None
    schema:familyName           Rego
    schema:givenName            David Martinez
    schema:sameAs               https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011061750057.58
    rdf:type                    schema:Person

sg:person.011401131771.67
    schema:affiliation          grid-institutes:None
    schema:familyName           Co
    schema:givenName            Kenneth T.
    schema:sameAs               https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011401131771.67
    rdf:type                    schema:Person

sg:person.013404167044.28
    schema:affiliation          grid-institutes:grid.7445.2
    schema:familyName           Lupu
    schema:givenName            Emil C.
    schema:sameAs               https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404167044.28
    rdf:type                    schema:Person

grid-institutes:None
    schema:alternateName        DataSpartan, EC2Y 9ST, London, UK
    schema:name                 DataSpartan, EC2Y 9ST, London, UK
                                Imperial College London, SW7 2AZ, London, UK
    rdf:type                    schema:Organization

grid-institutes:grid.7445.2
    schema:alternateName        Imperial College London, SW7 2AZ, London, UK
    schema:name                 Imperial College London, SW7 2AZ, London, UK
    rdf:type                    schema:Organization