
Post-Training Overfitting Mitigation in DNN Classifiers (2309.16827v1)

Published 28 Sep 2023 in cs.LG

Abstract: Well-known (non-malicious) sources of overfitting in deep neural net (DNN) classifiers include: i) large class imbalances; ii) insufficient training-set diversity; and iii) over-training. In recent work, it was shown that backdoor data-poisoning also induces overfitting, with unusually large classification margins to the attacker's target class, mediated particularly by (unbounded) ReLU activations that allow large signals to propagate in the DNN. Thus, an effective post-training (with no knowledge of the training set or training process) mitigation approach against backdoors was proposed, leveraging a small clean dataset, based on bounding neural activations. Improving upon that work, we threshold activations specifically to limit maximum margins (MMs), which yields performance gains in backdoor mitigation. We also provide some analytical support for this mitigation approach. Most importantly, we show that post-training MM-based regularization substantially mitigates non-malicious overfitting due to class imbalances and overtraining. Thus, unlike adversarial training, which provides some resilience against attacks but which harms clean (attack-free) generalization, we demonstrate an approach originating from adversarial learning that helps clean generalization accuracy. Experiments on CIFAR-10 and CIFAR-100, in comparison with peer methods, demonstrate strong performance of our methods.

