Imperial College London

Professor Emil Lupu

Faculty of Engineering, Department of Computing

Professor of Computer Systems
 
 
 

Location

 

564 Huxley Building, South Kensington Campus


Citation

BibTeX format

@article{Co:2021:10.1007/978-3-030-86380-7_17,
author = {Co, KT and Rego, DM and Lupu, EC},
doi = {10.1007/978-3-030-86380-7_17},
journal = {Lecture Notes in Computer Science},
pages = {202--213},
title = {Jacobian regularization for mitigating universal adversarial perturbations},
url = {http://dx.doi.org/10.1007/978-3-030-86380-7_17},
volume = {12894},
year = {2021}
}

RIS format (EndNote, RefMan)

TY  - JOUR
AB  - Universal Adversarial Perturbations (UAPs) are input perturbations that can fool a neural network on large sets of data. They are a class of attacks that represents a significant threat as they facilitate realistic, practical, and low-cost attacks on neural networks. In this work, we derive upper bounds for the effectiveness of UAPs based on norms of data-dependent Jacobians. We empirically verify that Jacobian regularization greatly increases model robustness to UAPs by up to four times whilst maintaining clean performance. Our theoretical analysis also allows us to formulate a metric for the strength of shared adversarial perturbations between pairs of inputs. We apply this metric to benchmark datasets and show that it is highly correlated with the actual observed robustness. This suggests that realistic and practical universal attacks can be reliably mitigated without sacrificing clean accuracy, which shows promise for the robustness of machine learning systems.
AU  - Co,KT
AU  - Rego,DM
AU  - Lupu,EC
DO  - 10.1007/978-3-030-86380-7_17
EP  - 213
PY  - 2021///
SN  - 0302-9743
SP  - 202
TI  - Jacobian regularization for mitigating universal adversarial perturbations
T2  - Lecture Notes in Computer Science
UR  - http://dx.doi.org/10.1007/978-3-030-86380-7_17
UR  - http://hdl.handle.net/10044/1/91992
VL  - 12894
ER  -