Exploring the Landscape of Spatial Robustness

December 07, 2017 · Entered Twilight · 🏛 arXiv.org

"Last commit was 6.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: .gitignore, .gitmodules, README.md, attacks_debugging.ipynb, cleanup.sh, collect_eval.py, docs, eval.py, eval.sh, eval_grid.sh, experimental_config.py, requirements.txt, robustness, run.sh, setup.py, spatial transformations.ipynb, train.sh

Authors Logan Engstrom, Brandon Tran, Dimitris Tsipras, Ludwig Schmidt, Aleksander Madry arXiv ID 1712.02779 Category cs.LG: Machine Learning Cross-listed cs.CV, cs.NE, stat.ML Citations 381 Venue arXiv.org Repository https://github.com/MadryLab/spatial-pytorch ⭐ 25 Last Checked 1 month ago

Abstract

The study of adversarial robustness has so far largely focused on perturbations bound in p-norms. However, state-of-the-art models turn out to be also vulnerable to other, more natural classes of perturbations such as translations and rotations. In this work, we thoroughly investigate the vulnerability of neural network--based classifiers to rotations and translations. While data augmentation offers relatively small robustness, we use ideas from robust optimization and test-time input aggregation to significantly improve robustness. Finally we find that, in contrast to the p-norm case, first-order methods cannot reliably find worst-case perturbations. This highlights spatial robustness as a fundamentally different setting requiring additional study. Code available at https://github.com/MadryLab/adversarial_spatial and https://github.com/MadryLab/spatial-pytorch.