Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
184 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

GIT: Detecting Uncertainty, Out-Of-Distribution and Adversarial Samples using Gradients and Invariance Transformations (2307.02672v1)

Published 5 Jul 2023 in cs.LG and cs.CV

Abstract: Deep neural networks tend to make overconfident predictions and often require additional detectors for misclassifications, particularly for safety-critical applications. Existing detection methods usually only focus on adversarial attacks or out-of-distribution samples as reasons for false predictions. However, generalization errors occur due to diverse reasons often related to poorly learning relevant invariances. We therefore propose GIT, a holistic approach for the detection of generalization errors that combines the usage of gradient information and invariance transformations. The invariance transformations are designed to shift misclassified samples back into the generalization area of the neural network, while the gradient information measures the contradiction between the initial prediction and the corresponding inherent computations of the neural network using the transformed sample. Our experiments demonstrate the superior performance of GIT compared to the state-of-the-art on a variety of network architectures, problem setups and perturbation types.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (53)
  1. Weight uncertainty in neural network. In International Conference on Machine Learning, pages 1613–1622. PMLR, 2015.
  2. Towards evaluating the robustness of neural networks. In Symposium on Security and Privacy,, pages 39–57. IEEE Computer Society, 2017.
  3. Multi-column deep neural networks for image classification. In 2012 IEEE Conference on Computer Vision and Pattern Recognition, Providence, RI, USA, June 16-21, 2012, pages 3642–3649. IEEE Computer Society, 2012.
  4. Detecting adversarial samples using influence functions and nearest neighbors. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 14453–14462, 2020.
  5. Imagenet: A large-scale hierarchical image database. In 2009 IEEE Conference on Computer Vision and Pattern Recognition, 2009.
  6. Dropout as a bayesian approximation: Representing model uncertainty in deep learning. In international conference on machine learning, pages 1050–1059. PMLR, 2016.
  7. Structuring validation targets of a machine learning function applied to automated driving. In Barbara Gallina, Amund Skavhaug, and Friedemann Bitsch, editors, Computer Safety, Reliability, and Security - 37th International Conference, SAFECOMP 2018, Västerås, Sweden, September 19-21, 2018, Proceedings, pages 45–58. Springer, 2018.
  8. Vision meets robotics: The kitti dataset. The International Journal of Robotics Research, 32(11):1231–1237, 2013.
  9. Explaining and harnessing adversarial examples. In Yoshua Bengio and Yann LeCun, editors, 3rd International Conference on Learning Representations, ICLR 2015.
  10. Computer and robot vision, volume 1. Addison-wesley Reading, 1992.
  11. Deep residual learning for image recognition. In Conference on Computer Vision and Pattern Recognition, CVPR, pages 770–778. IEEE Computer Society, 2016.
  12. Benchmarking neural network robustness to common corruptions and perturbations. International Conference on Learning Representations (ICLR), 2019.
  13. A baseline for detecting misclassified and out-of-distribution examples in neural networks. International Conference on Learning Representations, ICLR, 2017.
  14. Generalized ODIN: detecting out-of-distribution image without learning from out-of-distribution data. In Conference on Computer Vision and Pattern Recognition, CVPR, 2020.
  15. Densely connected convolutional networks. In Conference on Computer Vision and Pattern Recognition, CVPR, pages 2261–2269. IEEE Computer Society, 2017.
  16. On the importance of gradients for detecting distributional shifts in the wild. Advances in Neural Information Processing Systems, 34, 2021.
  17. An expert system for detection of breast cancer based on association rules and neural network. Expert Syst. Appl., 36(2):3465–3469, 2009.
  18. Learning multiple layers of features from tiny images. Technical report, Citeseer, 2009.
  19. Adversarial examples in the physical world. In 5th International Conference on Learning Representations, ICLR, Workshop Track Proceedings. OpenReview.net, 2017.
  20. Ya Le and Xuan Yang. Tiny imagenet visual recognition challenge. CS 231N, 7(7):3, 2015.
  21. Deep learning. Nat., 521(7553):436–444, 2015.
  22. Gradients as a measure of uncertainty in neural networks. In 2020 IEEE International Conference on Image Processing (ICIP), pages 2416–2420. IEEE, 2020.
  23. A simple unified framework for detecting out-of-distribution samples and adversarial attacks. In Samy Bengio, Hanna M. Wallach, Hugo Larochelle, Kristen Grauman, Nicolò Cesa-Bianchi, and Roman Garnett, editors, Advances in Neural Information Processing, NeurIPS 2018.
  24. Enhancing the reliability of out-of-distribution image detection in neural networks. In 6th International Conference on Learning Representations, ICLR, 2018.
  25. Defense against adversarial attacks using high-level representation guided denoiser. In Conference on Computer Vision and Pattern Recognition, CVPR, pages 1778–1787, 2018.
  26. Ssd: Single shot multibox detector. In European conference on computer vision, pages 21–37. Springer, 2016.
  27. Efficient detection of adversarial, out-of-distribution and other misclassified samples. Neurocomputing, 2021.
  28. Gran: An efficient gradient-norm based detector for adversarial and misclassified examples. European Symposium on Artificial Neural Networks, Computational Intelligence and Machine Learning. Bruges (Belgium), 2020.
  29. A survey on assessing the generalization envelope of deep neural networks at inference time for image classification. CoRR, abs/2008.09381, 2020.
  30. NIC: detecting adversarial samples with neural network invariant checking. In NDSS, 2019.
  31. Characterizing adversarial subspaces using local intrinsic dimensionality. In 6th International Conference on Learning Representations, ICLR, 2018.
  32. Ensemble distribution distillation. arXiv preprint arXiv:1905.00076, 2019.
  33. D. Meng and H. Chen. Magnet: a two-pronged defense against adversarial examples. In CCS, pages 135–147, 2017.
  34. Evaluating merging strategies for sampling-based uncertainty techniques in object detection. In International Conference on Robotics and Automation (ICRA), pages 2348–2354. IEEE, 2019.
  35. Dropout sampling for robust object detection in open-set conditions. In 2018 IEEE International Conference on Robotics and Automation (ICRA), pages 3243–3249. IEEE, 2018.
  36. Reading digits in natural images with unsupervised feature learning. In NIPS Workshop on Deep Learning and Unsupervised Feature Learning 2011, 2011.
  37. Classification uncertainty of deep neural networks based on gradient information. In Artificial Neural Networks in Pattern Recognition - 8th IAPR TC3 Workshop, ANNPR, 2018.
  38. The limitations of deep learning in adversarial settings. In EuroSP, 2016.
  39. Boosting deep neural networks with geometrical prior knowledge: A survey. arXiv preprint arXiv:2006.16867, 2020.
  40. Likelihood ratios for out-of-distribution detection. In Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems, NeurIPS, 2019.
  41. Faster R-CNN: towards real-time object detection with region proposal networks. In Advances in Neural Information Processing 2015, pages 91–99, 2015.
  42. Gradient-based quantification of epistemic uncertainty for deep object detectors. arXiv preprint arXiv:2107.04517, 2021.
  43. Anomaly detection using autoencoders with nonlinear dimensionality reduction. In Proceedings of the MLSDA 2014 2nd workshop on machine learning for sensory data analysis, pages 4–11, 2014.
  44. Detecting out-of-distribution examples with gram matrices. In Proceedings of the 37th International Conference on Machine Learning, ICML, 2020.
  45. Real-time uncertainty estimation in computer vision via uncertainty-aware distribution distillation. In Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision, pages 707–716, 2021.
  46. The inaturalist species classification and detection dataset. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 8769–8778, 2018.
  47. Out-of-distribution detection using an ensemble of self supervised leave-out classifiers. In Computer Vision - ECCV 2018 - 15th European Conference, 2018.
  48. Sun database: Large-scale scene recognition from abbey to zoo. In 2010 IEEE computer society conference on computer vision and pattern recognition, pages 3485–3492, 2010.
  49. Feature squeezing: Detecting adversarial examples in deep neural networks. In NDSS, 2018.
  50. LSUN: construction of a large-scale image dataset using deep learning with humans in the loop. CoRR, abs/1506.03365, 2015.
  51. Unsupervised out-of-distribution detection by maximum classifier discrepancy. In International Conference on Computer Vision, ICCV, 2019.
  52. Places: A 10 million image database for scene recognition. IEEE transactions on pattern analysis and machine intelligence, 2017.
  53. Ev Zisselman and Aviv Tamar. Deep residual flow for out of distribution detection. In Conference on Computer Vision and Pattern Recognition, CVPR, 2020.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now