Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome_robust_ml
https://github.com/momo1986/awesome_robust_ml
Noisy Label
- From ImageNet to Image Classification: Contextualizing Progress on Benchmarks - fine-grained data annotations via large-scale human studies to build a data-centric robust system.
- Re-Labeling ImageNet: From Single to Multi-Labels, From Global to Localized Labels
- Pervasive Label Errors in Test Sets Destabilize Machine Learning Benchmarks
- Are we done with ImageNet?
- Evaluating Machine Accuracy on ImageNet - multi-label accuracy, performance evaluation under distribution shift, and attention to the performance on inanimate objects.
- ConvNets and ImageNet Beyond Accuracy: Understanding Mistakes and Uncovering Biases - large-scale benchmarks involving, for example, multi-label annotations.
Transfer Learning
- Do Better ImageNet Models Transfer Better? - downstream computer vision tasks with models pre-trained on ImageNet, reaching three conclusions: 1) the features learned on ImageNet are beneficial to other computer vision tasks; 2) the regularization methods used for ImageNet recognition are not so useful for transfer learning; 3) fine-tuning on fine-grained recognition tasks does not surpass training from scratch.
- Do ImageNet Classifiers Generalize to ImageNet?
General Defenses (training phase)
- - out-of-distribution samples via projection onto the data manifold. The paper suggests a new method for detecting when hidden layers are off the manifold, and uses autoencoders to map them back onto the manifold.
- Research on the relationship between prediction uncertainty and adversarial robustness (Chinese) - intuitive conclusion is delivered that adversarial robustness is positively correlated with uncertainty. If the information entropy of the model output is maximized while training, the classification surface of the model can be made more balanced, which enhances adversarial robustness.
- PeerNets: Exploiting Peer Wisdom Against Adversarial Attacks - Peer-Regularized networks (PeerNets) to perform non-local forward propagation. The novelty lies in alternating classical Euclidean convolutions with graph convolutions to harness information from a graph of peer samples.
- Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks
- Stable Neural ODE with Lyapunov-Stable Equilibrium Points for Defending Against Adversarial Attacks
- Fixing Data Augmentation to Improve Adversarial Robustness
- Improving Adversarial Robustness Using Proxy Distributions - quality) generative model trained on the same dataset (e.g., CIFAR-10) can still improve the robustness of adversarially trained models without using any extra data.
- Towards Robust Neural Networks via Close-loop Control - close-loop control framework to enhance the adversarial robustness of trained networks.
- Understanding and Improving Fast Adversarial Training - perturbations.
- Confidence-Calibrated Adversarial Training: Generalizing to Unseen Attacks - dependent label smoothing method to generalize adversarially trained models to unseen attacks.
- Smooth Adversarial Training - state-of-the-art performance on ImageNet.
- Rethinking Softmax Cross-Entropy Loss for Adversarial Robustness - cross-entropy in the adversarial setting, and propose the MMC method to induce high-density regions in the feature space.
- Jacobian Adversarially Regularized Networks for Robustness
- Fast is better than free: Revisiting adversarial training - FGSM-based adversarial training effective.
- Adversarial Training and Provable Defenses: Bridging the Gap - low-level to high-level layers.
- Improving Adversarial Robustness Requires Revisiting Misclassified Examples - maximal prediction, and a weighted KL term (similar to a focal loss), compared with the TRADES formulation.
- Adversarial Interpolation Training: A Simple Approach for Improving Model Robustness
- Adversarial Robustness through Local Linearization
- Provably Robust Boosted Decision Stumps and Trees against Adversarial Attacks - case loss). The obtained certified accuracy is higher than for other robust GBDTs and is competitive with provably robust CNNs.
- You Only Propagate Once: Accelerating Adversarial Training via Maximal Principle
- Adversarial Training for Free! - back-propagation gradients for both updating weights and crafting adversarial examples.
- ME-Net: Towards Effective Adversarial Robustness with Matrix Estimation - low-rank structures within images, and leverages matrix estimation to exploit such underlying structures for better adversarial robustness.
- Using Pre-Training Can Improve Model Robustness and Uncertainty
- Theoretically Principled Trade-off between Robustness and Accuracy
- Robust Decision Trees Against Adversarial Examples
- Improving Adversarial Robustness via Promoting Ensemble Diversity
- Feature Denoising for Improving Adversarial Robustness - non-local neural network and large-scale adversarial training with 128 GPUs (with the training trick from 'Accurate, large minibatch SGD: Training ImageNet in 1 hour'), which shows a large improvement over the previous SOTA trained with 50 GPUs.
- Improving the Generalization of Adversarial Training with Domain Adaptation
- A Spectral View of Adversarially Robust Features
- Adversarial Logit Pairing
- Deep Defense: Training DNNs with Improved Adversarial Robustness
- Max-Mahalanobis Linear Discriminant Analysis Networks - Max-Mahalanobis distribution (MMD), which has max margin among classes and can lead to guaranteed robustness.
- Ensemble Adversarial Training: Attacks and Defenses - pre-trained models; in each training batch they randomly select either the currently trained model or one of the pre-trained models to craft adversarial examples.
- PixelDefend: Leveraging generative models to understand and defend against adversarial examples
Adversarial Detection
- SafetyNet: Detecting and Rejecting Adversarial Examples Robustly
- Class-Disentanglement and Applications in Adversarial Detection and Defense - dependence and visual reconstruction, and exploit the result as an adversarial detection metric.
- Towards Robust Detection of Adversarial Examples - reverse cross-entropy (RCE), which can map normal features to low-dimensional manifolds, so that detectors can better separate adversarial examples from normal ones.
- Robust Detection of Adversarial Attacks by Modeling the Intrinsic Properties of Deep Neural Networks
- Detecting adversarial samples from artifacts - density) metric on the learned features to detect adversarial examples.
- Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality
- Adversarial Training with Rectified Rejection - designed rejection metrics can be coupled to provably distinguish any misclassified sample from correctly classified ones.
Certified Defense and Model Verification
- Towards Better Understanding of Training Certifiably Robust Models against Adversarial Examples
- Towards Verifying Robustness of Neural Networks against Semantic Perturbations - wise verification methods into the semantic transformation space.
- Neural Network Branching for Neural Network Verification
- Towards Stable and Efficient Training of Verifiably Robust Neural Networks
- A Convex Relaxation Barrier to Tight Robustness Verification of Neural Networks
- Tight Certificates of Adversarial Robustness for Randomly Smoothed Classifiers
- On the Effectiveness of Interval Bound Propagation for Training Verifiably Robust Models
- Evaluating Robustness of Neural Networks with Mixed Integer Programming
- Efficient Neural Network Robustness Certification with General Activation Functions
- A Unified View of Piecewise Linear Neural Network Verification
- Scaling Provable Adversarial Defenses - 10) of the method previously proposed at ICML.
- Provable Defenses against Adversarial Examples via the Convex Outer Adversarial Polytope - wise bound on robustness, within which no adversarial example exists. Experiments are done on MNIST, Fashion-MNIST, HAR, and SVHN.
- Towards Fast Computation of Certified Robustness for ReLU Networks - Fast-Lin and Fast-Lip methods.
- Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach
- Certified Defenses against Adversarial Examples
- A Dual Approach to Scalable Verification of Deep Networks
- Reluplex: An efficient SMT solver for verifying deep neural networks
- Automated Verification of Neural Networks: Advances, Challenges and Perspectives
- Certified Adversarial Robustness via Randomized Smoothing - state-of-the-art certifiably L2-robust ImageNet classifiers.
General Defenses (inference phase)
- Adversarial Attacks are Reversible with Natural Supervision
- Adversarial Purification with Score-based Generative Models - score-based generative models (e.g., NCSN) to purify adversarial examples.
- Online Adversarial Purification based on Self-Supervision - independent auxiliary task (e.g., rotation prediction), and purify test inputs dynamically by minimizing the auxiliary loss.
- Mixup Inference: Better Exploiting Mixup to Defend Adversarial Attacks
- Barrage of Random Transforms for Adversarially Robust Defense - off-the-shelf defense.
- Mitigating Adversarial Effects Through Randomization
- Countering Adversarial Images Using Input Transformations - bit-depth reduction, JPEG compression, total variance minimization and image quilting as input preprocessing to defend against adversarial attacks.
Theoretical Analysis
- Unlabeled Data Improves Adversarial Robustness - semi-supervised learning is effective for improving adversarial robustness.
- Parseval Networks: Improving Robustness to Adversarial Examples - layer-wise theoretical analysis.
- Lower bounds on the robustness to adversarial perturbations - layer-wise norm expansions in a variety of different layer types. It is a seminal work on the robustness analysis of convolutional neural networks.
- Towards Deep Learning Models Resistant to Large Perturbations
- Improved Sample Complexities for Deep Neural Networks and Robust Classification via an All-Layer Margin - all-layer margin, and propose a variant of adversarial training where perturbations can be imposed on each layer of the network.
- Adversarial Examples Are Not Bugs, They Are Features - non-robust features, which are highly predictive but locally quite sensitive.
- First-order Adversarial Vulnerability of Neural Networks and Input Dimension
- Adversarial Examples from Computational Constraints
- Adversarial Examples Are a Natural Consequence of Test Error in Noise - general-purpose noises.
- PAC-learning in the presence of evasion adversaries - PAC-learning framework.
- Adversarial Vulnerability for Any Classifier
- Adversarially Robust Generalization Requires More Data
- Robustness of Classifiers: from Adversarial to Random Noise
- Are Labels Required for Improving Adversarial Robustness? - semi-supervised learning for robustness improvement.
Empirical Analysis
- How Benign is Benign Overfitting?
- Uncovering the Limits of Adversarial Training against Norm-Bounded Adversarial Examples - CIFAR-10 by applying large model architectures, weight moving averages, smooth activations and more training data to achieve SOTA robustness under norm-bounded constraints.
- Bag of Tricks for Adversarial Training
- Neural Anisotropy Directions
- Hold me tight! Influence of discriminative features on deep network boundaries
- Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks
- Attacks Which Do Not Kill Training Make Adversarial Learning Stronger - early-stop during adversarial training.
- Overfitting in adversarially robust deep learning
- When NAS Meets Robustness: In Search of Robust Architectures against Adversarial Attacks
- Adversarial Examples Improve Image Recognition
- Intriguing Properties of Adversarial Training at Scale
- A Fourier Perspective on Model Robustness in Computer Vision
- Interpreting Adversarially Trained Convolutional Neural Networks - shape-biased representation.
- On Evaluating Adversarial Robustness
- Is Robustness the Cost of Accuracy? -- A Comprehensive Study on the Robustness of 18 Deep Image Classification Models
- Adversarial Example Defenses: Ensembles of Weak Defenses are not Strong - based defenses, and claim that these ensemble defenses can still be evaded by white-box attacks.
Reinforcement Learning
- Certifiable Robustness to Adversarial State Uncertainty in Deep Reinforcement Learning - state-action values during execution to identify and choose a robust action under a worst-case deviation in input space due to possible adversaries or noise.
- Adversarially Robust Policy Learning: Active Construction of Physically-Plausible Perturbations - physically-plausible adversarial examples during training to enable robust policy learning in the source domain and robust performance under both random and adversarial input perturbations.
- Robust Adversarial Reinforcement Learning - two-pronged approach with adversarial agents for modeling disturbances and adversaries, incorporating domain knowledge to deliver a policy robust to uncertainties and model initializations.
Poison Attack
- Poisoning Attacks against Support Vector Machines
- Data Poisoning Attacks on Factorization-Based Collaborative Filtering - factorization-based collaborative filtering algorithms: the alternating minimization formulation and the nuclear norm minimization method.
- Using Machine Teaching to Identify Optimal Training-Set Attacks on Machine Learners - Karush-Kuhn-Tucker conditions to identify optimal training-set attacks on machine learners.
- Universal Multi-Party Poisoning Attacks - multi-party poisoning attacks is adapted.
- Trojaning Attack on Neural Networks
- Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks
- Data Poisoning Attack against Knowledge Graph Embedding
- Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning - theoretically-grounded optimization framework for poisoning attacks on regression tasks, and discusses potential countermeasures.
- Certified Defenses for Data Poisoning Attacks
- Robust Logistic Regression and Classification
- Robust High-Dimensional Linear Regression
- CRFL: Certifiably Robust Federated Learning against Backdoor Attacks
- DBA: Distributed Backdoor Attacks against Federated Learning
Beyond Safety
- Improved Autoregressive Modeling with Distribution Smoothing
- Defending Against Image Corruptions Through Adversarial Augmentations
- On the effectiveness of adversarial training against common corruptions - 10-C / ImageNet-100-C).
- Unadversarial Examples: Designing Objects for Robust Vision
- Do Adversarially Robust ImageNet Models Transfer Better?
- Adversarial Examples Improve Image Recognition
Seminal Work
- Unsolved Problems in ML Safety
- Towards Deep Learning Models Resistant to Adversarial Attacks - min-max optimization with the PGD attack can boost robustness.
- Explaining and Harnessing Adversarial Examples
- Intriguing properties of neural networks - L-BFGS based attack method.
Benchmark Datasets
- RobustBench: a standardized adversarial robustness benchmark
- Natural adversarial examples - A dataset.
- ImageNet-trained CNNs are biased towards texture; increasing shape bias improves accuracy and robustness - shape-based features lead to more robust models. They also provide the Stylized-ImageNet dataset.