Analyzing Accuracy Loss in Randomized Smoothing Defenses

Bibliographic details
Main authors: Gao, Yue; Rosenberg, Harrison; Fawaz, Kassem; Jha, Somesh; Hsu, Justin
Format: Article
Language: eng

Description: Recent advances in machine learning (ML) algorithms, especially deep neural networks (DNNs), have demonstrated remarkable success (sometimes exceeding human-level performance) on several tasks, including face and speech recognition. However, ML algorithms are vulnerable to adversarial attacks, such as test-time, training-time, and backdoor attacks. In test-time attacks an adversary crafts adversarial examples, which are specially crafted perturbations imperceptible to humans which, when added to an input example, force a machine learning model to misclassify the given input example. Adversarial examples are a concern when deploying ML algorithms in critical contexts, such as information security and autonomous driving. Researchers have responded with a plethora of defenses. One promising defense is randomized smoothing, in which a classifier's prediction is smoothed by adding random noise to the input example we wish to classify. In this paper, we theoretically and empirically explore randomized smoothing. We investigate the effect of randomized smoothing on the feasible hypotheses space, and show that for some noise levels the set of hypotheses which are feasible shrinks due to smoothing, giving one reason why the natural accuracy drops after smoothing. To perform our analysis, we introduce a model for randomized smoothing which abstracts away specifics, such as the exact distribution of the noise. We complement our theoretical results with extensive experiments.
DOI: 10.48550/arxiv.2003.01595
Date: 2020-03-03
Rights: http://arxiv.org/licenses/nonexclusive-distrib/1.0
Full text: https://arxiv.org/abs/2003.01595 (free to read)
Subjects: Computer Science - Learning; Statistics - Machine Learning
Source: arXiv.org
Record ID: cdi_arxiv_primary_2003_01595