Defending Against Universal Attacks Through Selective Feature Regeneration
Author(s): Borkar, Tejas; Heide, Felix; Karam, Lina
DownloadTo refer to this page use:
http://arks.princeton.edu/ark:/88435/pr1zv7rFull metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Borkar, Tejas | - |
| dc.contributor.author | Heide, Felix | - |
| dc.contributor.author | Karam, Lina | - |
| dc.date.accessioned | 2021-10-08T19:46:44Z | - |
| dc.date.available | 2021-10-08T19:46:44Z | - |
| dc.date.issued | 2020 | en_US |
| dc.identifier.citation | Borkar, Tejas, Felix Heide, and Lina Karam. "Defending Against Universal Attacks Through Selective Feature Regeneration." In IEEE/CVF Conference on Computer Vision and Pattern Recognition (2020): pp. 706-716. doi:10.1109/CVPR42600.2020.00079 | en_US |
| dc.identifier.issn | 1063-6919 | - |
| dc.identifier.uri | https://openaccess.thecvf.com/content_CVPR_2020/papers/Borkar_Defending_Against_Universal_Attacks_Through_Selective_Feature_Regeneration_CVPR_2020_paper.pdf | - |
| dc.identifier.uri | http://arks.princeton.edu/ark:/88435/pr1zv7r | - |
| dc.description.abstract | Deep neural network (DNN) predictions have been shown to be vulnerable to carefully crafted adversarial perturbations. Specifically, image-agnostic (universal adversarial) perturbations added to any image can fool a target network into making erroneous predictions. Departing from existing defense strategies that work mostly in the image domain, we present a novel defense which operates in the DNN feature domain and effectively defends against such universal perturbations. Our approach identifies pre-trained convolutional features that are most vulnerable to adversarial noise and deploys trainable feature regeneration units which transform these DNN filter activations into resilient features that are robust to universal perturbations. Regenerating only the top 50% adversarially susceptible activations in at most 6 DNN layers and leaving all remaining DNN activations unchanged, we outperform existing defense strategies across different network architectures by more than 10% in restored accuracy. We show that without any additional modification, our defense trained on ImageNet with one type of universal attack examples effectively defends against other types of unseen universal attacks. | en_US |
| dc.format.extent | 706 - 716 | en_US |
| dc.language.iso | en_US | en_US |
| dc.relation.ispartof | IEEE/CVF Conference on Computer Vision and Pattern Recognition | en_US |
| dc.rights | Author's manuscript | en_US |
| dc.title | Defending Against Universal Attacks Through Selective Feature Regeneration | en_US |
| dc.type | Conference Article | en_US |
| dc.identifier.doi | 10.1109/CVPR42600.2020.00079 | - |
| dc.identifier.eissn | 2575-7075 | - |
| pu.type.symplectic | http://www.symplectic.co.uk/publications/atom-terms/1.0/conference-proceeding | en_US |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| DefendingAgainstAttacksSelectiveFeatureRegeneration.pdf | 2.11 MB | Adobe PDF | View/Download |
Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.