Towards Out-of-Distribution Adversarial Robustness
Adam Ibrahim · Charles Guille-Escuret · Ioannis Mitliagkas · Irina Rish · David Krueger · Pouya Bashivan
Adversarial robustness continues to be a major challenge for deep learning. A core issue is that robustness to one type of attack often fails to transfer to other attacks. While prior work establishes a theoretical trade-off in robustness against different $L_p$ norms, we show that there is space for improvement against many commonly used attacks by adopting a domain generalisation approach. In particular, we treat different attacks as domains, and apply the method of Risk Extrapolation (REx), which encourages similar levels of robustness against all training attacks. Compared to existing methods, we obtain similar or superior adversarial robustness on attacks seen during training. More significantly, we achieve superior performance on families or tunings of attacks only encountered at test time. On ensembles of attacks, this improves the accuracy from 3.4% on the best existing baseline to 25.9% on MNIST, and from 10.7% to 17.9% on CIFAR10.
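How a REx-style penalty pushes per-attack risks towards each other can be seen from the weight each attack's gradient receives. The sketch below is an added example, not the authors' code: it assumes the variance-penalty form of REx (sum of per-attack risks plus `beta` times their variance), which the abstract does not spell out, and the attack names, loss values and `beta` are constructed.

```python
from statistics import fmean, pvariance

# Constructed per-example losses of one model on the same batch under three
# training attacks (names and numbers are illustrative, not from the paper).
BATCH_LOSSES = {
    "attack_linf": [0.9, 1.3, 1.1, 1.1],
    "attack_l2":   [0.4, 0.6, 0.5, 0.5],
    "attack_l1":   [0.1, 0.3, 0.2, 0.2],
}

def per_attack_risk(batch_losses):
    """Mean loss per attack: each attack is treated as one training domain."""
    return {name: fmean(losses) for name, losses in batch_losses.items()}

def vrex_objective(risks, beta):
    """Assumed objective: sum of per-attack risks + beta * population variance."""
    values = list(risks.values())
    return sum(values) + beta * pvariance(values)

def vrex_weights(risks, beta):
    """d(objective)/d(risk_i): the factor applied to each attack's gradient.

    beta = 0 weights every attack equally; a larger beta up-weights attacks
    whose risk is above the mean and can give below-mean attacks a negative
    weight, which is what drives the risks towards equality.
    """
    mean, n = fmean(risks.values()), len(risks)
    return {name: 1.0 + 2.0 * beta * (r - mean) / n for name, r in risks.items()}

def numeric_weights(risks, beta, h=1e-6):
    """Finite-difference check of vrex_weights against vrex_objective."""
    base = vrex_objective(risks, beta)
    out = {}
    for name in risks:
        bumped = dict(risks, **{name: risks[name] + h})
        out[name] = (vrex_objective(bumped, beta) - base) / h
    return out

if __name__ == "__main__":
    risks = per_attack_risk(BATCH_LOSSES)
    for beta in (0.0, 10.0):
        print(f"beta={beta}: objective={vrex_objective(risks, beta):.3f}")
        for name, w in vrex_weights(risks, beta).items():
            print(f"  {name}: risk={risks[name]:.2f} weight={w:+.3f}")
```

With these constructed numbers the hardest attack dominates the update once `beta` is large, while the easiest one is actively traded off against it.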
Author Information
Adam Ibrahim (Mila, Université de Montréal)
Charles Guille-Escuret (Mila, Université de Montréal)
Ioannis Mitliagkas (University of Montreal)
Irina Rish (MILA / Université de Montréal)
David Krueger (University of Cambridge)
Pouya Bashivan (McGill University)