Theoretical evidence for adversarial robustness through randomization
Pinot, Rafaël; Meunier, Laurent; Araújo, Alexandre; Kashima, Hisashi; Yger, Florian; Gouy-Pailler, Cedric; Atif, Jamal (2019), Theoretical evidence for adversarial robustness through randomization, 33rd Conference on Neural Information Processing Systems (NIPS 2019), 2019-12, Vancouver, CANADA
Type
Communication / ConférenceExternal document link
https://hal.archives-ouvertes.fr/hal-02892188Date
2019Conference title
33rd Conference on Neural Information Processing Systems (NIPS 2019)Conference date
2019-12Conference city
VancouverConference country
CANADAMetadata
Show full item recordAuthor(s)
Pinot, RafaëlMeunier, Laurent
Araújo, Alexandre
Kashima, Hisashi
Yger, Florian
Gouy-Pailler, Cedric
Atif, Jamal
Abstract (EN)
This paper investigates the theory of robustness against adversarial attacks. It focuses on the family of randomization techniques that consist in injecting noise in the network at inference time. These techniques have proven effective in many contexts, but lack theoretical arguments. We close this gap by presenting a theoretical analysis of these approaches, hence explaining why they perform well in practice. More precisely, we make two new contributions. The first one relates the randomization rate to robustness to adversarial attacks. This result applies for the general family of exponential distributions, and thus extends and unifies the previous approaches. The second contribution consists in devising a new upper bound on the adversarial generalization gap of randomized neural networks. We support our theoretical claims with a set of experiments.Subjects / Keywords
Machine LearningRelated items
Showing items related by title and author.
-
(2019) Communication / Conférence
-
(2019) Communication / Conférence
-
(2018) Communication / Conférence
-
(2020) Communication / Conférence
-
(2017) Communication / Conférence
