Unifying the Harmonic Analysis of Adversarial Attacks and Robustness
Shishira R Maiya (University of Maryland),* Max Ehrlich (NVIDIA), Vatsal Agarwal (University of Maryland), Ser-Nam Lim (Meta AI), Tom Goldstein (University of Maryland), Abhinav Shrivastava (University of Maryland)
The 34th British Machine Vision Conference
Abstract
Adversarial examples pose a unique challenge for deep learning systems. Despite recent advances in both attacks and defenses, there is still a lack of clarity and consensus in the community about the true nature and underlying properties of adversarial examples. A deep understanding of these examples can provide new insights towards the development of more effective attacks and defenses. Driven by the common misconception that adversarial examples are high-frequency noise, we present a frequency-based understanding of adversarial examples, supported by theoretical and empirical findings. Our analysis shows that adversarial examples are neither in high-frequency nor in low-frequency components, but are simply dataset dependent. Particularly, we highlight the glaring disparities between models trained on CIFAR-10 and ImageNet-derived datasets. Utilizing this framework, we analyze many intriguing properties of training robust models with frequency constraints, and propose a frequency-based explanation for the commonly observed accuracy vs robustness trade-off.Video
Citation
@inproceedings{Maiya_2023_BMVC,
author = {Shishira R Maiya and Max Ehrlich and Vatsal Agarwal and Ser-Nam Lim and Tom Goldstein and Abhinav Shrivastava},
title = {Unifying the Harmonic Analysis of Adversarial Attacks and Robustness},
booktitle = {34th British Machine Vision Conference 2023, {BMVC} 2023, Aberdeen, UK, November 20-24, 2023},
publisher = {BMVA},
year = {2023},
url = {https://papers.bmvc2023.org/0620.pdf}
}
Copyright © 2023
The British Machine Vision Conference is organised by