ICML 2023

Timezone: »

Towards Out-of-Distribution Adversarial Robustness

Adam Ibrahim · Charles Guille-Escuret · Ioannis Mitliagkas · Irina Rish · David Krueger · Pouya Bashivan

@

in 2nd ICML Workshop on New Frontiers in Adversarial Machine Learning »

Event URL: https://openreview.net/forum?id=JDlq499bat »
Adversarial robustness continues to be a major challenge for deep learning. A core issue is that robustness to one type of attack often fails to transfer to other attacks. While prior work establishes a theoretical trade-off in robustness against different $L_p$ norms, we show that there is potential for improvement against many commonly used attacks by adopting a domain generalisation approach.Concretely, we treat each type of attack as a domain, and apply the Risk Extrapolation method (REx), which promotes similar levels of robustness against all training attacks. Compared to existing methods, we obtain similar or superior worst-case adversarial robustness on attacks seen during training. Moreover, we achieve superior performance on families or tunings of attacks only encountered at test time. On ensembles of attacks, our approach improves the accuracy from 3.4\% with the best existing baseline to 25.9\% on MNIST, and from 16.9\% to 23.5\% on CIFAR10.

Keywords: domain generalization · robustness · adversarial · OOD · REx

[ OpenReview]

Author Information

Adam Ibrahim (Mila, University of Montreal)

Charles Guille-Escuret (Mila, Université de Montréal)

Ioannis Mitliagkas (MILA, UdeM)

Irina Rish (MILA / Université de Montréal h)

David Krueger (MILA (University of Montreal))

Pouya Bashivan (McGill University)

Related Events (a corresponding poster, oral, or spotlight)

2023 : Towards Out-of-Distribution Adversarial Robustness »
Dates n/a. Room

More from the Same Authors

2022 : Towards Out-of-Distribution Adversarial Robustness »
Adam Ibrahim · Charles Guille-Escuret · Ioannis Mitliagkas · Irina Rish · David Krueger · Pouya Bashivan
2022 : Defining and Characterizing Reward Gaming »
Joar Skalse · Nikolaus Howe · Dmitrii Krasheninnikov · David Krueger
2023 : Maximum State Entropy Exploration using Predecessor and Successor Representations »
Arnav Kumar Jain · Lucas Lehnert · Irina Rish · Glen Berseth
2023 : LEAD: Min-Max Optimization from a Physical Perspective »
Reyhane Askari Hemmat · Amartya Mitra · Guillaume Lajoie · Ioannis Mitliagkas
2023 : Continual Pre-Training of Large Language Models: How to re-warm your model? »
Kshitij Gupta · Benjamin Thérien · Adam Ibrahim · Mats Richter · Quentin Anthony · Eugene Belilovsky · Timothée Lesort · Irina Rish
2023 : Cognitive Models as Simulators: Using Cognitive Models to Tap into Implicit Human Feedback »
Ardavan S. Nobandegani · Thomas Shultz · Irina Rish
2023 Poster: Synergies between Disentanglement and Sparsity: Generalization and Identifiability in Multi-Task Learning »
Sébastien Lachapelle · Tristan Deleu · Divyat Mahajan · Ioannis Mitliagkas · Yoshua Bengio · Simon Lacoste-Julien · Quentin Bertrand
2023 Poster: Mechanistic Mode Connectivity »
Ekdeep Singh Lubana · Eric Bigelow · Robert Dick · David Krueger · Hidenori Tanaka
2022 Poster: Towards Scaling Difference Target Propagation by Learning Backprop Targets »
Maxence ERNOULT · Fabrice Normandin · Abhinav Moudgil · Sean Spinney · Eugene Belilovsky · Irina Rish · Blake Richards · Yoshua Bengio
2022 Spotlight: Towards Scaling Difference Target Propagation by Learning Backprop Targets »
Maxence ERNOULT · Fabrice Normandin · Abhinav Moudgil · Sean Spinney · Eugene Belilovsky · Irina Rish · Blake Richards · Yoshua Bengio
2021 : Panel Discussion1 »
Razvan Pascanu · Irina Rish
2021 Poster: Out-of-Distribution Generalization via Risk Extrapolation (REx) »
David Krueger · Ethan Caballero · Joern-Henrik Jacobsen · Amy Zhang · Jonathan Binas · Dinghuai Zhang · Remi Le Priol · Aaron Courville
2021 Oral: Out-of-Distribution Generalization via Risk Extrapolation (REx) »
David Krueger · Ethan Caballero · Joern-Henrik Jacobsen · Amy Zhang · Jonathan Binas · Dinghuai Zhang · Remi Le Priol · Aaron Courville
2020 : Panel Discussion »
Eric Eaton · Martha White · Doina Precup · Irina Rish · Harm van Seijen
2020 : Q&A with Irina Rish »
Irina Rish · Shagun Sodhani · Sarath Chandar
2020 : Invited Talk: Lifelong Learning: Towards Broad and Robust AI by Irina Rish »
Irina Rish
2020 Poster: Stochastic Hamiltonian Gradient Methods for Smooth Games »
Nicolas Loizou · Hugo Berard · Alexia Jolicoeur-Martineau · Pascal Vincent · Simon Lacoste-Julien · Ioannis Mitliagkas
2020 Poster: Linear Lower Bounds and Conditioning of Differentiable Games »
Adam Ibrahim · Waïss Azizian · Gauthier Gidel · Ioannis Mitliagkas
2019 Poster: State-Reification Networks: Improving Generalization by Modeling the Distribution of Hidden Representations »
Alex Lamb · Jonathan Binas · Anirudh Goyal · Sandeep Subramanian · Ioannis Mitliagkas · Yoshua Bengio · Michael Mozer
2019 Poster: Multi-objective training of Generative Adversarial Networks with multiple discriminators »
Isabela Albuquerque · Joao Monteiro · Thang Doan · Breandan Considine · Tiago Falk · Ioannis Mitliagkas
2019 Oral: Multi-objective training of Generative Adversarial Networks with multiple discriminators »
Isabela Albuquerque · Joao Monteiro · Thang Doan · Breandan Considine · Tiago Falk · Ioannis Mitliagkas
2019 Oral: State-Reification Networks: Improving Generalization by Modeling the Distribution of Hidden Representations »
Alex Lamb · Jonathan Binas · Anirudh Goyal · Sandeep Subramanian · Ioannis Mitliagkas · Yoshua Bengio · Michael Mozer
2018 Poster: Learning Representations and Generative Models for 3D Point Clouds »
Panagiotis Achlioptas · Olga Diamanti · Ioannis Mitliagkas · Leonidas Guibas
2018 Oral: Learning Representations and Generative Models for 3D Point Clouds »
Panagiotis Achlioptas · Olga Diamanti · Ioannis Mitliagkas · Leonidas Guibas