Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations

Abstract

Model robustness against adversarial examples of a single perturbation type, such as the Lp-norm, has been widely studied, yet its generalization to more realistic scenarios involving multiple semantic perturbations and their composition remains largely unexplored. In this paper, we first propose a novel method for generating composite adversarial examples. Our method can find the optimal attack composition by utilizing component-wise projected gradient descent and automatic attack-order scheduling. We then propose generalized adversarial training (GAT) to extend model robustness from the Lp-ball to composite semantic perturbations, such as the combination of Hue, Saturation, Brightness, Contrast, and Rotation. Results obtained using ImageNet and CIFAR-10 datasets indicate that GAT can be robust not only to all the tested types of a single attack, but also to any combination of such attacks. GAT also outperforms baseline L-infinity-norm bounded adversarial training approaches by a significant margin.

Cite

Text

Hsiung et al. "Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations." Conference on Computer Vision and Pattern Recognition, 2023. doi:10.1109/CVPR52729.2023.02362

Markdown

[Hsiung et al. "Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations." Conference on Computer Vision and Pattern Recognition, 2023.](https://mlanthology.org/cvpr/2023/hsiung2023cvpr-compositional/) doi:10.1109/CVPR52729.2023.02362

BibTeX

@inproceedings{hsiung2023cvpr-compositional,
  title     = {{Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations}},
  author    = {Hsiung, Lei and Tsai, Yun-Yun and Chen, Pin-Yu and Ho, Tsung-Yi},
  booktitle = {Conference on Computer Vision and Pattern Recognition},
  year      = {2023},
  pages     = {24658-24667},
  doi       = {10.1109/CVPR52729.2023.02362},
  url       = {https://mlanthology.org/cvpr/2023/hsiung2023cvpr-compositional/}
}