Fixed Inter-Neuron Covariability Induces Adversarial Robustness

The vulnerability to adversarial perturbations is a major flaw of Deep Neural Networks (DNNs) that raises questions about their reliability in real-world scenarios. On the other hand, human perception, which DNNs are supposed to emulate, is highly robust to such perturbations, indicating that there may be certain features of human perception that make it robust but are not represented in the current class of DNNs. One such feature is that the activity of biological neurons is correlated, and the structure of this correlation tends to be rather rigid over long spans of time, even if it hampers performance and learning. We hypothesize that integrating such constraints on the activations of a DNN would improve its adversarial robustness. To test this hypothesis, we developed the Self-Consistent Activation (SCA) layer, which comprises neurons whose activations are consistent with each other, as they conform to a fixed, but learned, covariability pattern. When evaluated on image and sound recognition tasks, models with an SCA layer achieved high accuracy and exhibited significantly greater robustness than multi-layer perceptron models to state-of-the-art Auto-PGD adversarial attacks, without being trained on adversarially perturbed data.
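The abstract describes the SCA layer only at a conceptual level, and the paper's actual formulation is not reproduced in this record. Below is a minimal, speculative PyTorch sketch of one plausible reading, assuming the fixed covariability pattern is realized by projecting activations onto a learned low-rank subspace; the class name SelfConsistentActivation, the rank parameter k, and the projection mechanism are all assumptions for illustration, not the authors' method.

```python
import torch
import torch.nn as nn

class SelfConsistentActivation(nn.Module):
    """Speculative sketch of an SCA-style layer.

    Assumption (not stated in the abstract): the fixed covariability
    pattern is modeled by forcing activations to lie in the span of k
    learned basis vectors, so neurons co-vary according to the learned
    structure instead of varying independently.
    """

    def __init__(self, dim: int, k: int):
        super().__init__()
        # Learned during training, then held fixed: a rank-k basis whose
        # span defines the allowed inter-neuron covariability structure.
        self.basis = nn.Parameter(torch.randn(dim, k) / dim ** 0.5)

    def forward(self, x: torch.Tensor) -> torch.Tensor:
        # Orthonormalize the basis so the map below is a true projection.
        q, _ = torch.linalg.qr(self.basis)  # (dim, k)
        # Project activations onto the learned subspace: components that
        # violate the covariability pattern (e.g. adversarial noise spread
        # independently across neurons) are suppressed.
        return x @ q @ q.T

# Hypothetical usage in a small MLP-style classifier:
model = nn.Sequential(
    nn.Linear(784, 512),
    nn.ReLU(),
    SelfConsistentActivation(512, k=64),
    nn.Linear(512, 10),
)
```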

Bibliographic Details
Main Authors: Shah, Muhammad Ahmed; Raj, Bhiksha
Format: Article
Language: English
Subjects: Computer Science - Learning; Computer Science - Neural and Evolutionary Computing
Online Access: https://arxiv.org/abs/2308.03956
DOI: 10.48550/arxiv.2308.03956
Date: 2023-08-07
Source: arXiv.org