Escaping Adversarial Attacks with Egyptian Mirrors

Olga Saukh

Escaping Adversarial Attacks with Egyptian Mirrors

Institut für Technische Informatik (4480)

Publikation: Konferenzbeitrag › Paper › Begutachtung

Abstract

Adversarial robustness received significant attention over the past years, due to its critical practical role. Complementary to the existing literature on adversarial training, we explore weight-space ensembles of independently trained models. We propose a defense against adversarial examples which takes advantage of the latest empirical findings on linear mode connectivity of overparameterized models modulo per- mutation invariance. Egyptian Mirrors defense escapes ad- versarial attacks by moving along linear paths between pair- wise aligned functionally diverse models, while frequently and arbitrary changing ensembling direction. We evaluate the proposed defense using adversarial examples generated by FGSM and PGD attacks and show improvements up to 8 % and 33 % test accuracy on 2-layer MLP and VGG11 architec- tures trained on GTSRB and CIFAR10 datasets respectively.

Originalsprache	englisch
Seitenumfang	6
Publikationsstatus	Veröffentlicht - 6 Okt. 2023
Veranstaltung	2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network: MobiCom 2023 - Madrid, Spanien Dauer: 2 Okt. 2023 → 6 Okt. 2023 https://fededge2023.github.io

Workshop

Workshop	2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network
Kurztitel	FedEdge
Land/Gebiet	Spanien
Ort	Madrid
Zeitraum	2/10/23 → 6/10/23
Internetadresse	https://fededge2023.github.io

Fields of Expertise

Information, Communication & Computing

Zugriff auf Dokument

http://olgasaukh.com/paper/saukh23egyptian_mirrors.pdfLizenz: CC BY-NC 4.0

Intelligent & Networked Embedded Systems
Boano, C. A., Römer, K. U., Schuß, M., Cao, N., Saukh, O., Hofmann, R., Stocker, M., Schuh, M. P., Papst, F., Salomon, E., Brunner, H., Gallacher, M., Mohamed Hydher, M. H., Wang, D., Corti, F., Krisper, M., Basic, F. & Petrovic, K.
1/09/13 → …
Projekt: Arbeitsgebiet

Escaping Adversarial Attacks with Egyptian Mirrors
Olga Saukh (Redner/in)
6 Okt. 2023
Aktivität: Vortrag oder Präsentation › Vortrag bei Workshop, Seminar oder Kurs › Science to science

Dieses zitieren

@conference{4e5f488de97e4ea9ad9109e568f1a70f,

title = "Escaping Adversarial Attacks with Egyptian Mirrors",

abstract = "Adversarial robustness received significant attention over the past years, due to its critical practical role. Complementary to the existing literature on adversarial training, we explore weight-space ensembles of independently trained models. We propose a defense against adversarial examples which takes advantage of the latest empirical findings on linear mode connectivity of overparameterized models modulo per- mutation invariance. Egyptian Mirrors defense escapes ad- versarial attacks by moving along linear paths between pair- wise aligned functionally diverse models, while frequently and arbitrary changing ensembling direction. We evaluate the proposed defense using adversarial examples generated by FGSM and PGD attacks and show improvements up to 8 % and 33 % test accuracy on 2-layer MLP and VGG11 architec- tures trained on GTSRB and CIFAR10 datasets respectively.",

author = "Olga Saukh",

year = "2023",

month = oct,

day = "6",

language = "English",

note = "2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network : MobiCom 2023, FedEdge ; Conference date: 02-10-2023 Through 06-10-2023",

url = "https://fededge2023.github.io",

}

TY - CONF

T1 - Escaping Adversarial Attacks with Egyptian Mirrors

AU - Saukh, Olga

PY - 2023/10/6

Y1 - 2023/10/6

N2 - Adversarial robustness received significant attention over the past years, due to its critical practical role. Complementary to the existing literature on adversarial training, we explore weight-space ensembles of independently trained models. We propose a defense against adversarial examples which takes advantage of the latest empirical findings on linear mode connectivity of overparameterized models modulo per- mutation invariance. Egyptian Mirrors defense escapes ad- versarial attacks by moving along linear paths between pair- wise aligned functionally diverse models, while frequently and arbitrary changing ensembling direction. We evaluate the proposed defense using adversarial examples generated by FGSM and PGD attacks and show improvements up to 8 % and 33 % test accuracy on 2-layer MLP and VGG11 architec- tures trained on GTSRB and CIFAR10 datasets respectively.

AB - Adversarial robustness received significant attention over the past years, due to its critical practical role. Complementary to the existing literature on adversarial training, we explore weight-space ensembles of independently trained models. We propose a defense against adversarial examples which takes advantage of the latest empirical findings on linear mode connectivity of overparameterized models modulo per- mutation invariance. Egyptian Mirrors defense escapes ad- versarial attacks by moving along linear paths between pair- wise aligned functionally diverse models, while frequently and arbitrary changing ensembling direction. We evaluate the proposed defense using adversarial examples generated by FGSM and PGD attacks and show improvements up to 8 % and 33 % test accuracy on 2-layer MLP and VGG11 architec- tures trained on GTSRB and CIFAR10 datasets respectively.

M3 - Paper

T2 - 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network

Y2 - 2 October 2023 through 6 October 2023

ER -

Escaping Adversarial Attacks with Egyptian Mirrors

Abstract

Workshop

Fields of Expertise

Zugriff auf Dokument

Fingerprint

Projekte

Intelligent & Networked Embedded Systems

Aktivitäten

Escaping Adversarial Attacks with Egyptian Mirrors

Dieses zitieren