Imperial College London
Portrait Picture

Professor Emil Lupu

Faculty of EngineeringDepartment of Computing

Professor of Computer Systems
 
 
 
//

Contact

 

e.c.lupu Website

 
 
//

Location

 

564Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Citation

BibTex format

@inproceedings{Co:2022:10.1007/978-3-031-15934-3_56,
author = {Co, KT and Martinez-Rego, D and Hau, Z and Lupu, EC},
doi = {10.1007/978-3-031-15934-3_56},
pages = {680--691},
publisher = {Springer},
title = {Jacobian ensembles improve robustness trade-offs to adversarial attacks},
url = {http://dx.doi.org/10.1007/978-3-031-15934-3_56},
year = {2022}
}
Download

RIS format (EndNote, RefMan)

TY  - CPAPER
AB  - Deep neural networks have become an integral part of our software infrastructure and are being deployed in many widely-used and safety-critical applications. However, their integration into many systems also brings with it the vulnerability to test time attacks in the form of Universal Adversarial Perturbations (UAPs). UAPs are a class of perturbations that when applied to any input causes model misclassification. Although there is an ongoing effort to defend models against these adversarial attacks, it is often difficult to reconcile the trade-offs in model accuracy and robustness to adversarial attacks. Jacobian regularization has been shown to improve the robustness of models against UAPs, whilst model ensembles have been widely adopted to improve both predictive performance and model robustness. In this work, we propose a novel approach, Jacobian Ensembles – a combination of Jacobian regularization and model ensembles to significantly increase the robustness against UAPs whilst maintaining or improving model accuracy. Our results show that Jacobian Ensembles achieves previously unseen levels of accuracy and robustness, greatly improving over previous methods that tend to skew towards only either accuracy or robustness.
AU  - Co,KT
AU  - Martinez-Rego,D
AU  - Hau,Z
AU  - Lupu,EC
DO  - 10.1007/978-3-031-15934-3_56
EP  - 691
PB  - Springer
PY  - 2022///
SN  - 0302-9743
SP  - 680
TI  - Jacobian ensembles improve robustness trade-offs to adversarial attacks
UR  - http://dx.doi.org/10.1007/978-3-031-15934-3_56
UR  - https://link.springer.com/chapter/10.1007/978-3-031-15934-3_56
UR  - http://hdl.handle.net/10044/1/99620
ER  -
Download