The University of Southampton
University of Southampton Institutional Repository

Bayesian adversarial learning




Ye, Nanyang and Zhu, Zhanxing (2018) Bayesian adversarial learning. Bengio, S., Wallach, H., Larochelle, H., Grauman, K., Cesa-Bianchi, N. and Garnett, R. (eds.) In Advances in Neural Information Processing Systems 31 (NeurIPS 2018). vol. 2018-December, Neural Information Processing Systems Foundation. pp. 6892-6901.

Record type: Conference or Workshop Item (Paper)

Abstract

Deep neural networks have been known to be vulnerable to adversarial attacks, raising many security concerns for practical deployment. Popular defensive approaches can be formulated as a (distributionally) robust optimization problem, which minimizes a "point estimate" of the worst-case loss derived from either per-datum perturbation or an adversarial data-generating distribution within certain predefined constraints. This point estimate ignores potential test adversaries that lie beyond the predefined constraints, so model robustness may deteriorate sharply when faced with stronger test-time adversarial data. In this work, a novel robust training framework is proposed to alleviate this issue, Bayesian Robust Learning, in which a distribution is placed on the adversarial data-generating distribution to account for the uncertainty of the adversarial data-generating process. This uncertainty directly helps to account for potential adversaries that are stronger than the point estimate in the distributionally robust optimization setting. The uncertainty of the model parameters is also incorporated to give a full Bayesian framework. We design a scalable Markov Chain Monte Carlo sampling strategy to obtain the posterior distribution over model parameters. Various experiments are conducted to verify the superiority of BAL (Bayesian Adversarial Learning) over existing adversarial training methods. The code for BAL is available at https://tinyurl.com/yexsaewr.
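The robust-optimization view in the abstract, worked on a toy linear classifier as an added illustration (this is not the paper's code or its released BAL implementation). For a linear model under an L-infinity perturbation of radius eps the inner maximisation has a closed form, so the "point estimate of worst-case loss" can be computed exactly rather than approximated with an attack such as PGD. Training with a fixed radius is that point estimate; drawing the radius from a distribution at each step is a deliberately simplified stand-in for placing uncertainty on the adversary, and is not BAL's posterior over the adversarial data-generating distribution nor its MCMC over model parameters. The data set, the radii, and all function names are constructed for this example.

```python
"""Added illustration: adversarial training as robust optimisation on a
tiny linear classifier, where the worst case can be solved exactly."""
import math
import random

# Constructed, linearly separable 2-D data: (features, label in {-1, +1}).
DATA = [
    ((1.0, 1.0), 1), ((1.5, 0.8), 1), ((0.9, 1.4), 1),
    ((-1.0, -1.0), -1), ((-1.2, -0.7), -1), ((-0.8, -1.3), -1),
]


def sign(v):
    return (v > 0) - (v < 0)


def sigmoid(z):
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)


def softplus(z):
    # log(1 + e^z) without overflow for large |z|
    return max(z, 0.0) + math.log1p(math.exp(-abs(z)))


def margin(w, b, x, y):
    return y * (sum(wi * xi for wi, xi in zip(w, x)) + b)


def worst_case_perturbation(w, y, eps):
    # Under an L-infinity ball of radius eps, the adversary pushes every
    # coordinate by eps against the sign of y * w_i.
    return [-eps * y * sign(wi) for wi in w]


def worst_case_margin(w, b, x, y, eps):
    # Closed form: the margin drops by exactly eps * ||w||_1.
    return margin(w, b, x, y) - eps * sum(abs(wi) for wi in w)


def robust_loss(w, b, x, y, eps):
    # Logistic loss at the worst-case point: the "point estimate" of worst-case loss.
    return softplus(-worst_case_margin(w, b, x, y, eps))


def robust_accuracy(w, b, data, eps):
    # Fraction of points still correctly classified against the worst-case attacker.
    return sum(worst_case_margin(w, b, x, y, eps) > 0 for x, y in data) / len(data)


def train(data, eps_sampler, steps=300, lr=0.1, seed=0):
    """Gradient descent on the robust loss. eps_sampler(rng) picks the adversary
    radius each step: a constant gives the usual point estimate; a random draw
    averages the worst-case loss over a distribution of radii (simplified
    stand-in for uncertainty about the adversary, not the paper's method)."""
    rng = random.Random(seed)
    w, b = [0.0] * len(data[0][0]), 0.0
    for _ in range(steps):
        eps = eps_sampler(rng)
        gw, gb = [0.0] * len(w), 0.0
        for x, y in data:
            # d/dw softplus(-m + eps*||w||_1) = sigmoid(.) * (-y x + eps sign(w))
            s = sigmoid(-worst_case_margin(w, b, x, y, eps))
            for i, xi in enumerate(x):
                gw[i] += s * (-y * xi + eps * sign(w[i]))
            gb += s * (-y)
        w = [wi - lr * g / len(data) for wi, g in zip(w, gw)]
        b -= lr * gb / len(data)
    return w, b


def closed_form_is_worst(w, b, x, y, eps, trials=200, seed=1):
    """Sanity check: no random point inside the eps-ball has a smaller margin
    than the closed-form attack, and the closed-form attack attains it."""
    rng = random.Random(seed)
    worst = worst_case_margin(w, b, x, y, eps)
    for _ in range(trials):
        delta = [rng.uniform(-eps, eps) for _ in x]
        xp = [xi + di for xi, di in zip(x, delta)]
        if margin(w, b, xp, y) < worst - 1e-9:
            return False
    xp = [xi + di for xi, di in zip(x, worst_case_perturbation(w, y, eps))]
    return abs(margin(w, b, xp, y) - worst) < 1e-9


def robustness_curve(w, b, data, radii=(0.1, 0.5, 1.0, 1.5)):
    # Robust accuracy as the test-time adversary grows past the training radius.
    return [robust_accuracy(w, b, data, eps) for eps in radii]


if __name__ == "__main__":
    point = train(DATA, lambda rng: 0.1)
    spread = train(DATA, lambda rng: rng.choice([0.05, 0.1, 0.2, 0.4]))
    print("fixed eps=0.1      :", robustness_curve(*point, DATA))
    print("eps drawn at random:", robustness_curve(*spread, DATA))
```

The curve makes the abstract's point concrete: a model trained against a fixed radius keeps full robust accuracy at that radius and loses it once the test-time adversary is allowed a larger budget. For a deep network the inner maximisation has no closed form and is approximated per datum (for example by PGD), which is exactly the point estimate the abstract refers to; the toy does not reproduce the paper's experimental comparison.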

Text: NeurIPS-2018-bayesian-adversarial-learning-Paper - Version of Record (2MB), available under License Creative Commons Attribution.

More information

Published date: 2018
Venue - Dates: 32nd Conference on Neural Information Processing Systems, Palais des Congrès de Montréal, Montréal, Canada, 2018-12-02 - 2018-12-08

Identifiers

Local EPrints ID: 486154
URI: http://eprints.soton.ac.uk/id/eprint/486154
ISSN: 1049-5258
PURE UUID: 69658244-67da-4b18-a26d-a0c6991a5c4b

Catalogue record

Date deposited: 11 Jan 2024 17:33
Last modified: 09 Apr 2024 22:02


Contributors

Author: Nanyang Ye
Author: Zhanxing Zhu
Editor: S. Bengio
Editor: H. Wallach
Editor: H. Larochelle
Editor: K. Grauman
Editor: N. Cesa-Bianchi
Editor: R. Garnett

