Timezone: »
Oral
Exploring the Landscape of Spatial Robustness
Logan Engstrom · Brandon Tran · Dimitris Tsipras · Ludwig Schmidt · Aleksander Madry
Wed Jun 12 04:20 PM -- 04:25 PM (PDT) @ Seaside Ballroom
The study of adversarial examples has so far largely focused on the lp setting. However, neural networks turn out to be also vulnerable to other, very natural classes of perturbations such as translations and rotations. Unfortunately, the standard methods effective in remedying lp vulnerabilities are not as effective in this new regime.
With the goal of classifier robustness, we thoroughly investigate the vulnerabilities of neural network--based classifiers to rotations and translations. We uncover that while data augmentation generally helps very little, using ideas from robust optimization and test-time input aggregation we can significantly improve robustness.
In our exploration we find that, in contrast to the lp case, first-order methods cannot reliably find fooling inputs. This highlights fundamental differences in spatial robustness as compared to lp robustness, and suggests that we need a more comprehensive understanding of robustness in general.
Author Information
Logan Engstrom (MIT)
Brandon Tran (MIT)
Dimitris Tsipras (MIT)
Ludwig Schmidt (UC Berkeley)
Aleksander Madry (MIT)
Related Events (a corresponding poster, oral, or spotlight)
-
2019 Poster: Exploring the Landscape of Spatial Robustness »
Thu. Jun 13th 01:30 -- 04:00 AM Room Pacific Ballroom #142
More from the Same Authors
-
2022 : A Game-Theoretic Perspective on Trust in Recommendation »
Sarah Cen · Andrew Ilyas · Aleksander Madry -
2022 : Panel discussion »
Steffen Schneider · Aleksander Madry · Alexei Efros · Chelsea Finn · Soheil Feizi -
2022 : Dr. Aleksander Madry's Talk »
Aleksander Madry -
2022 : Invited Talk 1: Aleksander Mądry »
Aleksander Madry -
2022 Poster: Datamodels: Understanding Predictions with Data and Data with Predictions »
Andrew Ilyas · Sung Min (Sam) Park · Logan Engstrom · Guillaume Leclerc · Aleksander Madry -
2022 Poster: Adversarially trained neural representations are already as robust as biological neural representations »
Chong Guo · Michael Lee · Guillaume Leclerc · Joel Dapello · Yug Rao · Aleksander Madry · James DiCarlo -
2022 Oral: Adversarially trained neural representations are already as robust as biological neural representations »
Chong Guo · Michael Lee · Guillaume Leclerc · Joel Dapello · Yug Rao · Aleksander Madry · James DiCarlo -
2022 Spotlight: Datamodels: Understanding Predictions with Data and Data with Predictions »
Andrew Ilyas · Sung Min (Sam) Park · Logan Engstrom · Guillaume Leclerc · Aleksander Madry -
2022 Poster: Combining Diverse Feature Priors »
Saachi Jain · Dimitris Tsipras · Aleksander Madry -
2022 Spotlight: Combining Diverse Feature Priors »
Saachi Jain · Dimitris Tsipras · Aleksander Madry -
2021 : Invited Talk #4 »
Aleksander Madry -
2021 Poster: Leveraging Sparse Linear Layers for Debuggable Deep Networks »
Eric Wong · Shibani Santurkar · Aleksander Madry -
2021 Oral: Leveraging Sparse Linear Layers for Debuggable Deep Networks »
Eric Wong · Shibani Santurkar · Aleksander Madry -
2020 Poster: From ImageNet to Image Classification: Contextualizing Progress on Benchmarks »
Dimitris Tsipras · Shibani Santurkar · Logan Engstrom · Andrew Ilyas · Aleksander Madry -
2020 Poster: Identifying Statistical Bias in Dataset Replication »
Logan Engstrom · Andrew Ilyas · Shibani Santurkar · Dimitris Tsipras · Jacob Steinhardt · Aleksander Madry -
2019 Workshop: Identifying and Understanding Deep Learning Phenomena »
Hanie Sedghi · Samy Bengio · Kenji Hata · Aleksander Madry · Ari Morcos · Behnam Neyshabur · Maithra Raghu · Ali Rahimi · Ludwig Schmidt · Ying Xiao -
2019 : Panel Discussion (Nati Srebro, Dan Roy, Chelsea Finn, Mikhail Belkin, Aleksander Mądry, Jason Lee) »
Nati Srebro · Daniel Roy · Chelsea Finn · Mikhail Belkin · Aleksander Madry · Jason Lee -
2019 : Keynote by Aleksander Mądry: Are All Features Created Equal? »
Aleksander Madry -
2018 Poster: On the Limitations of First-Order Approximation in GAN Dynamics »
Jerry Li · Aleksander Madry · John Peebles · Ludwig Schmidt -
2018 Oral: On the Limitations of First-Order Approximation in GAN Dynamics »
Jerry Li · Aleksander Madry · John Peebles · Ludwig Schmidt -
2018 Poster: Black-box Adversarial Attacks with Limited Queries and Information »
Andrew Ilyas · Logan Engstrom · Anish Athalye · Jessy Lin -
2018 Oral: Black-box Adversarial Attacks with Limited Queries and Information »
Andrew Ilyas · Logan Engstrom · Anish Athalye · Jessy Lin -
2018 Poster: Synthesizing Robust Adversarial Examples »
Anish Athalye · Logan Engstrom · Andrew Ilyas · Kevin Kwok -
2018 Poster: A Classification-Based Study of Covariate Shift in GAN Distributions »
Shibani Santurkar · Ludwig Schmidt · Aleksander Madry -
2018 Oral: Synthesizing Robust Adversarial Examples »
Anish Athalye · Logan Engstrom · Andrew Ilyas · Kevin Kwok -
2018 Oral: A Classification-Based Study of Covariate Shift in GAN Distributions »
Shibani Santurkar · Ludwig Schmidt · Aleksander Madry