Published on Mon Apr 26 2021

Impact of Spatial Frequency Based Constraints on Adversarial Robustness

Rémi Bernhard, Pierre-Alain Moellic, Martial Mermillod, Yannick Bourrier, Romain Cohendet, Miguel Solinas, Marina Reyboz
Abstract

Adversarial examples mainly exploit changes to input pixels to which humans are not sensitive, and arise from the fact that models make decisions based on uninterpretable features. Interestingly, cognitive science reports that the process of interpretability for human classification decisions relies predominantly on low spatial frequency components. In this paper, we investigate the robustness to adversarial perturbations of models that are constrained during training to leverage information corresponding to different spatial frequency ranges. We show that this robustness is tightly linked to the spatial frequency characteristics of the data at stake. Indeed, depending on the data set, the same constraint may result in very different levels of robustness (up to a 0.41 difference in adversarial accuracy). To explain this phenomenon, we conduct several experiments that highlight influential factors, such as the level of sensitivity to high frequencies and the transferability of adversarial perturbations between original and low-pass filtered inputs.
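To make the notion of "low-pass filtered inputs" concrete, below is a minimal sketch (not the authors' code) of low-pass filtering an image in the Fourier domain: frequencies beyond a cutoff radius from the zero-frequency center are removed before transforming back to the spatial domain. The function name and the cutoff radius are illustrative assumptions, not values from the paper.

```python
# Minimal sketch: Fourier-domain low-pass filtering of an image.
# The cutoff radius and function name are illustrative choices.
import numpy as np

def low_pass_filter(image: np.ndarray, radius: int) -> np.ndarray:
    """Keep only spatial frequencies within `radius` of the DC component."""
    h, w = image.shape[:2]
    # Centered 2D FFT (per channel if the image has one).
    spectrum = np.fft.fftshift(np.fft.fft2(image, axes=(0, 1)), axes=(0, 1))
    # Circular mask around the low-frequency center of the spectrum.
    yy, xx = np.ogrid[:h, :w]
    mask = (yy - h // 2) ** 2 + (xx - w // 2) ** 2 <= radius ** 2
    if spectrum.ndim == 3:
        mask = mask[..., None]
    filtered = spectrum * mask
    # Back to the spatial domain; the imaginary part is numerical noise.
    return np.real(
        np.fft.ifft2(np.fft.ifftshift(filtered, axes=(0, 1)), axes=(0, 1))
    )

# Example: keep only the low frequencies of a random 32x32 grayscale image.
x = np.random.rand(32, 32)
x_low = low_pass_filter(x, radius=8)
```

Such a filter can be used either to preprocess training inputs or, as in the transferability experiments mentioned above, to compare how adversarial perturbations crafted on original inputs behave on their low-pass filtered counterparts.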

Thu Oct 04 2018
Machine Learning
Feature Prioritization and Regularization Improve Standard Accuracy and Adversarial Robustness
Adversarial training has been successfully applied to build robust models at a certain cost. While the robustness of a model increases, the standard classification accuracy declines. We propose a model that employs feature prioritization by a nonlinear attention module and feature regularization.
Tue May 05 2020
Machine Learning
Adversarial Training against Location-Optimized Adversarial Patches
Deep neural networks have been shown to be susceptible to adversarial examples. These are small, imperceptible changes constructed to cause misclassification in image classifiers. Recent work proposed so-called adversarial patches as an alternative.
Sat Nov 21 2020
Artificial Intelligence
Spatially Correlated Patterns in Adversarial Images
Adversarial attacks have proved to be a major impediment to progress in research towards reliable machine learning solutions. Carefully crafted perturbations, imperceptible to human vision, can be added to images to force misclassification by an otherwise high-performing neural network.
Thu Aug 13 2020
Machine Learning
Semantically Adversarial Learnable Filters
The proposed framework combines a structure loss and a semantic adversarial loss. The structure loss helps generate perturbations whose type and magnitude are defined by a target image processing filter. We show that the proposed framework generates filtered images with a high success rate.
Sun Mar 21 2021
Artificial Intelligence
Natural Perturbed Training for General Robustness of Neural Network Classifiers
Wed Apr 17 2019
Computer Vision
Interpreting Adversarial Examples with Attributes
The vulnerability of deep computer vision systems to imperceptible, carefully crafted noise has raised questions regarding the robustness of their decisions. We propose to enable black-box neural networks to justify their reasoning both for clean and for adversarial examples.