Exploring the landscape of spatial robustness

• dc.contributor.author: Engstrom, Logan G.
• dc.contributor.author: Tran, Brandon
• dc.contributor.author: Tsipras, Dimitris
• dc.contributor.author: Schmidt, Ludwig
• dc.contributor.author: Madry, Aleksander
• dc.date.issued: 2019-06
• dc.identifier.uri: https://hdl.handle.net/1721.1/130391
• dc.description.abstract: Copyright 2019 by the author(s). The study of adversarial robustness has so far largely focused on perturbations bound in lvnorms. However, state-of-the-art models turn out to be also vulnerable to other, more natural classes of perturbations such as translations and rotations. In this work, we thoroughly investigate the vulnerability of neural network-based classifiers to rotations and translations. While data augmentation offers relatively small robustness, we use ideas from robust optimization and test-time input aggregation to significantly improve robustness. Finally we find that, in contrast to the ip-norm case, first-order methods cannot reliably find worst-case perturbations. This highlights spatial robustness as a fundamentally different setting requiring additional study.
• dc.description.sponsorship: NSF (Grants CCF-1553428, CNS-1413920, CCF-1553428 and CNS-1815221)
• dc.language.iso: en
• dc.publisher: MLResearch Press
• dc.relation.isversionof: http://proceedings.mlr.press/v97/engstrom19a.html
• dc.source: Proceedings of Machine Learning Research
• dc.type: Article
• dc.identifier.citation: Engstrom, Logan et al. "Exploring the landscape of spatial robustness." Proceedings of the 36th International Conference on Machine Learning, June 2019, Long Beach, California, MLResearch Press, June 2019. © 2019 The Authors
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.relation.journal: Proceedings of the 36th International Conference on Machine Learning
• dc.eprint.version: Final published version
• mit.journal.volume: 2019