Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
184 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

EntProp: High Entropy Propagation for Improving Accuracy and Robustness (2405.18931v1)

Published 29 May 2024 in stat.ML, cs.AI, cs.CV, and cs.LG

Abstract: Deep neural networks (DNNs) struggle to generalize to out-of-distribution domains that are different from those in training despite their impressive performance. In practical applications, it is important for DNNs to have both high standard accuracy and robustness against out-of-distribution domains. One technique that achieves both of these improvements is disentangled learning with mixture distribution via auxiliary batch normalization layers (ABNs). This technique treats clean and transformed samples as different domains, allowing a DNN to learn better features from mixed domains. However, if we distinguish the domains of the samples based on entropy, we find that some transformed samples are drawn from the same domain as clean samples, and these samples are not completely different domains. To generate samples drawn from a completely different domain than clean samples, we hypothesize that transforming clean high-entropy samples to further increase the entropy generates out-of-distribution samples that are much further away from the in-distribution domain. On the basis of the hypothesis, we propose high entropy propagation~(EntProp), which feeds high-entropy samples to the network that uses ABNs. We introduce two techniques, data augmentation and free adversarial training, that increase entropy and bring the sample further away from the in-distribution domain. These techniques do not require additional training costs. Our experimental results show that EntProp achieves higher standard accuracy and robustness with a lower training cost than the baseline methods. In particular, EntProp is highly effective at training on small datasets.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (43)
  1. Towards evaluating the robustness of neural networks. In IEEE Symposium on Security and Privacy (SP), 2017.
  2. Robust and accurate object detection via adversarial learning. In IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2021.
  3. Generalized parametric contrastive learning. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2023.
  4. Dirty pixels: Towards end-to-end image processing and perception. ACM Transactions on Graphics (TOG), 2021.
  5. Unsupervised domain adaptation by backpropagation. In International Conference on Machine Learning (ICML), 2015.
  6. Imagenet-trained cnns are biased towards texture; increasing shape bias improves accuracy and robustness. In International Conference on Learning Representations (ICLR), 2018.
  7. Explaining and harnessing adversarial examples. In International Conference on Learning Representations (ICLR), 2015.
  8. Masked autoencoders are scalable vision learners. In IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2022.
  9. Benchmarking neural network robustness to common corruptions and perturbations. In International Conference on Learning Representations (ICLR), 2019.
  10. The many faces of robustness: A critical analysis of out-of-distribution generalization. In IEEE/CVF International Conference on Computer Vision (ICCV), 2021a.
  11. Natural adversarial examples. In IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2021b.
  12. Pyramid adversarial training improves vit performance. In IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2022.
  13. Contrastive learning with adversarial examples. Advances in Neural Information Processing Systems (NeurIPS), 2020.
  14. Adversarial examples are not bugs, they are features. Advances in Neural Information Processing Systems (NeurIPS), 2019.
  15. Robust pre-training by adversarial contrastive learning. Advances in Neural Information Processing Systems (NeurIPS), 2020.
  16. Adversarial logit pairing. arXiv preprint arXiv:1803.06373, 2018.
  17. Adam: A method for stochastic optimization. In International Conference on Learning Representations (ICLR), 2015.
  18. 3d object representations for fine-grained categorization. In IEEE International Conference on Computer Vision Workshops, 2013.
  19. Learning multiple layers of features from tiny images. Master’s thesis, University of Tront, 2009.
  20. Shape-texture debiased neural network training. In International Conference on Learning Representations (ICLR), 2020.
  21. Towards deep learning models resistant to adversarial attacks. In International Conference on Learning Representations (ICLR), 2018.
  22. TorchVision maintainers and contributors. Torchvision: Pytorch’s computer vision library. https://github.com/pytorch/vision, 2016.
  23. Fast advprop. In International Conference on Learning Representations (ICLR), 2022.
  24. Does data augmentation benefit from split batchnorms. arXiv preprint arXiv:2010.07810, 2020.
  25. Cats and dogs. In IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2012.
  26. Overfitting in adversarially robust deep learning. In International Conference on Machine Learning (ICML), 2020.
  27. Imagenet large scale visual recognition challenge. International journal of computer vision (IJCV), 2015.
  28. Adapting visual category models to new domains. In European Conference on Computer Vision (ECCV), 2010.
  29. Adversarially robust generalization requires more data. Advances in Neural Information Processing Systems (NeurIPS), 2018.
  30. Adversarial training for free! Advances in Neural Information Processing Systems (NeurIPS), 2019.
  31. Robustness may be at odds with accuracy. In International Conference on Learning Representations (ICLR), 2018.
  32. Simultaneous deep transfer across domains and tasks. In IEEE/CVF International Conference on Computer Vision (ICCV), 2015.
  33. Augmax: Adversarial composition of random augmentations for robust training. In Advances in Neural Information Processing Systems (NeurIPS), 2021.
  34. Improving adversarial robustness requires revisiting misclassified examples. In International Conference on Learning Representations (ICLR), 2020.
  35. Caltech-UCSD Birds 200. Technical report, California Institute of Technology, 2010.
  36. Intriguing properties of adversarial training at scale. In International Conference on Learning Representations (ICLR), 2019.
  37. Adversarial examples improve image recognition. In IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2020.
  38. Cutmix: Regularization strategy to train strong classifiers with localizable features. In IEEE/CVF International Conference on Computer Vision (ICCV), 2019.
  39. Wilddash - creating hazard-aware benchmarks. In European Conference on Computer Vision (ECCV), 2018.
  40. A closer look at dual batch normalization and two-domain hypothesis in adversarial training with hybrid samples, 2023. URL https://openreview.net/forum?id=TMnxVoWdX_M.
  41. Theoretically principled trade-off between robustness and accuracy. In International Conference on Machine Learning (ICML), 2019.
  42. mixup: Beyond empirical risk minimization. In International Conference on Learning Representations (ICLR), 2018.
  43. Mixprop: Towards high-performance image recognition via dual batch normalisation. In British Machine Vision Conference (BMVC), 2022.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets