Retrieval-Augmented Convolutional Neural Networks Against Adversarial Examples
Abstract
We propose a retrieval-augmented convolutional network (RaCNN) and propose to train it with local mixup, a novel variant of the recently proposed mixup algorithm. The proposed hybrid architecture combining a convolutional network and an off-the-shelf retrieval engine was designed to mitigate the adverse effect of off-manifold adversarial examples, while the proposed local mixup addresses on-manifold ones by explicitly encouraging the classifier to locally behave linearly on the data manifold. Our evaluation of the proposed approach against seven readily available adversarial attacks on three datasets (CIFAR-10, SVHN and ImageNet) demonstrates the improved robustness compared to a vanilla convolutional network, and comparable performance with the state-of-the-art reactive defense approaches.
Cite
Text
Zhao and Cho. "Retrieval-Augmented Convolutional Neural Networks Against Adversarial Examples." Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2019. doi:10.1109/CVPR.2019.01183
Markdown
[Zhao and Cho. "Retrieval-Augmented Convolutional Neural Networks Against Adversarial Examples." Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2019.](https://mlanthology.org/cvpr/2019/junbo2019cvpr-retrievalaugmented/) doi:10.1109/CVPR.2019.01183
BibTeX
@inproceedings{junbo2019cvpr-retrievalaugmented,
title = {{Retrieval-Augmented Convolutional Neural Networks Against Adversarial Examples}},
author = {Zhao, Jake and Cho, Kyunghyun},
booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
year = {2019},
doi = {10.1109/CVPR.2019.01183},
url = {https://mlanthology.org/cvpr/2019/junbo2019cvpr-retrievalaugmented/}
}