ML Anthology

Best of Both Worlds: Towards Adversarial Robustness with Transduction and Rejection

Nils Palumbo, Xi Wu, Yang Guo, Jiefeng Chen, Yingyu Liang, Somesh Jha
NeurIPSW 2022
/neuripsw/2022/palumbo2022neuripsw-best/

Abstract

Both transduction and rejection have emerged as key techniques to enable stronger defenses against adversarial perturbations, but existing work has not investigated the combination of transduction and rejection. Our theoretical analysis shows that combining the two can potentially lead to better guarantees than using transduction or rejection alone. Based on the analysis, we propose a defense algorithm that learns a transductive classifier with the rejection option and also propose a strong adaptive attack for evaluating our defense. The experimental results on MNIST and CIFAR-10 show that it has strong robustness, outperforming existing baselines, including those using only transduction or rejection.

PDF NeurIPSW OpenReview Semantic Scholar

Cite

Text

Palumbo et al. "Best of Both Worlds: Towards Adversarial Robustness with Transduction and Rejection." NeurIPS 2022 Workshops: MLSW, 2022.

Markdown

[Palumbo et al. "Best of Both Worlds: Towards Adversarial Robustness with Transduction and Rejection." NeurIPS 2022 Workshops: MLSW, 2022.](https://mlanthology.org/neuripsw/2022/palumbo2022neuripsw-best/)

BibTeX

@inproceedings{palumbo2022neuripsw-best,
  title     = {{Best of Both Worlds: Towards Adversarial Robustness with Transduction and Rejection}},
  author    = {Palumbo, Nils and Wu, Xi and Guo, Yang and Chen, Jiefeng and Liang, Yingyu and Jha, Somesh},
  booktitle = {NeurIPS 2022 Workshops: MLSW},
  year      = {2022},
  url       = {https://mlanthology.org/neuripsw/2022/palumbo2022neuripsw-best/}
}