Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
125 tokens/sec
GPT-4o
53 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

How Robust Are Energy-Based Models Trained With Equilibrium Propagation? (2401.11543v1)

Published 21 Jan 2024 in cs.LG and cs.CV

Abstract: Deep neural networks (DNNs) are easily fooled by adversarial perturbations that are imperceptible to humans. Adversarial training, a process where adversarial examples are added to the training set, is the current state-of-the-art defense against adversarial attacks, but it lowers the model's accuracy on clean inputs, is computationally expensive, and offers less robustness to natural noise. In contrast, energy-based models (EBMs), which were designed for efficient implementation in neuromorphic hardware and physical systems, incorporate feedback connections from each layer to the previous layer, yielding a recurrent, deep-attractor architecture which we hypothesize should make them naturally robust. Our work is the first to explore the robustness of EBMs to both natural corruptions and adversarial attacks, which we do using the CIFAR-10 and CIFAR-100 datasets. We demonstrate that EBMs are more robust than transformers and display comparable robustness to adversarially-trained DNNs on gradient-based (white-box) attacks, query-based (black-box) attacks, and natural perturbations without sacrificing clean accuracy, and without the need for adversarial training or additional training techniques.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (72)
  1. On the role of feedback in image recognition under noise and adversarial attacks: A predictive coding perspective. Neural Networks, 157:280–287, 2023.
  2. Square attack: a query-efficient black-box adversarial attack via random search. In European conference on computer vision, pp.  484–501. Springer, 2020.
  3. Contribution of feedforward, lateral and feedback connections to the classical receptive field center and extra-classical receptive field surround of primate v1 neurons. Progress in brain research, 154:93–120, 2006.
  4. Circuits and mechanisms for surround modulation in visual cortex. Annual review of neuroscience, 40:425–451, 2017.
  5. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. In International conference on machine learning, pp. 274–283. PMLR, 2018.
  6. Deep equilibrium models. Advances in Neural Information Processing Systems, 32, 2019.
  7. Effect of top-down connections in hierarchical sparse coding. Neural Computation, 32(11):2279–2309, November 2020. doi: 10.1162/neco˙a˙01325. URL https://doi.org/10.1162/neco_a_01325.
  8. Cortical feedback control of olfactory bulb circuits. Neuron, 76(6):1161–1174, 2012.
  9. Towards evaluating the robustness of neural networks. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, May 2017. doi: 10.1109/sp.2017.49. URL https://doi.org/10.1109/sp.2017.49.
  10. Feature distillation in deep attention network against adversarial examples. IEEE Transactions on Neural Networks and Learning Systems, 2021.
  11. Predify: Augmenting deep neural networks with brain-inspired predictive coding dynamics. Advances in Neural Information Processing Systems, 34:14069–14083, 2021.
  12. Learning robust deep equilibrium models. arXiv preprint arXiv:2304.12707, 2023.
  13. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International conference on machine learning, pp. 2206–2216. PMLR, 2020.
  14. Autoaugment: Learning augmentation policies from data. 2019. URL https://arxiv.org/pdf/1805.09501.pdf.
  15. István Czigler and István Winkler (eds.). Unconscious Memory Representations in Perception. John Benjamins Publishing Company, May 2010. doi: 10.1075/aicr.78. URL https://doi.org/10.1075/aicr.78.
  16. Perception over time: Temporal dynamics for robust image understanding. In IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023 - Workshops, Vancouver, BC, Canada, June 17-24, 2023, pp.  5656–5665. IEEE, 2023. doi: 10.1109/CVPRW59228.2023.00599. URL https://doi.org/10.1109/CVPRW59228.2023.00599.
  17. Neural mechanisms of selective visual attention. Annual Review of Neuroscience, 18(1):193–222, March 1995. doi: 10.1146/annurev.ne.18.030195.001205. URL https://doi.org/10.1146/annurev.ne.18.030195.001205.
  18. How does the brain solve visual object recognition? Neuron, 73(3):415–434, February 2012. doi: 10.1016/j.neuron.2012.01.010. URL https://doi.org/10.1016/j.neuron.2012.01.010.
  19. Adversarial examples that fool both computer vision and time-limited humans. Advances in neural information processing systems, 31, 2018.
  20. Robustness (python library), 2019. URL https://github.com/MadryLab/robustness.
  21. Immunocytochemistry and distribution of parabrachial terminals in the lateral geniculate nucleus of the cat: a comparison with corticogeniculate terminals. Journal of Comparative Neurology, 377(4):535–549, 1997.
  22. Role of cortical feedback in the receptive field structure and nonlinear response properties of somatosensory thalamic neurons. Experimental brain research, 141:88–100, 2001.
  23. Sleep prevents catastrophic forgetting in spiking neural networks by forming a joint synaptic weight representation. PLOS Computational Biology, 18(11):e1010628, 2022.
  24. Can sleep protect memories from catastrophic forgetting? eLife, 9, August 2020. doi: 10.7554/elife.51005. URL https://doi.org/10.7554/elife.51005.
  25. Joint inference and input optimization in equilibrium networks. Advances in Neural Information Processing Systems, 34:16818–16832, 2021.
  26. Perceptual straightening of natural videos. Nature Neuroscience, 22(6):984–991, April 2019. doi: 10.1038/s41593-019-0377-4. URL https://doi.org/10.1038/s41593-019-0377-4.
  27. Benchmarking neural network robustness to common corruptions and perturbations. In International Conference on Learning Representations, 2019. URL https://openreview.net/forum?id=HJz6tiCqYm.
  28. A role for auditory corticothalamic feedback in the perception of complex sounds. Journal of Neuroscience, 37(25):6149–6161, 2017.
  29. Cortical feedback improves discrimination between figure and background by v1, v2 and v3 neurons. Nature, 394(6695):784–787, August 1998. doi: 10.1038/29537. URL https://doi.org/10.1038/29537.
  30. Adversarial examples are not bugs, they are features. Advances in neural information processing systems, 32, 2019.
  31. Top-down control of sweet and bitter taste in the mammalian brain. Cell, 184(1):257–271, 2021.
  32. Evidence that recurrent circuits are critical to the ventral stream’s execution of core object recognition behavior. Nature Neuroscience, 22(6):974–983, April 2019. doi: 10.1038/s41593-019-0392-5. URL https://doi.org/10.1038/s41593-019-0392-5.
  33. The neural basis of biased competition in human visual cortex. Neuropsychologia, 39(12):1263–1276, January 2001. doi: 10.1016/s0028-3932(01)00116-6. URL https://doi.org/10.1016/s0028-3932(01)00116-6.
  34. Training end-to-end analog neural networks with equilibrium propagation. arXiv preprint arXiv:2006.01981, 2020.
  35. Modeling biological immunity to adversarial examples. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp.  4666–4675, 2020.
  36. Combining backpropagation with equilibrium propagation to improve an actor-critic reinforcement learning framework. Frontiers in Computational Neuroscience, 16:980613, 2022.
  37. Holomorphic equilibrium propagation computes exact gradients through finite size oscillations. Advances in Neural Information Processing Systems, 35:12950–12963, 2022.
  38. Scaling equilibrium propagation to deep ConvNets by drastically reducing its gradient estimator bias. Frontiers in Neuroscience, 15, February 2021. doi: 10.3389/fnins.2021.633674. URL https://doi.org/10.3389/fnins.2021.633674.
  39. Period proliferation in periodic states in cyclically sheared jammed solids. Physical Review E, 96(2), August 2017. doi: 10.1103/physreve.96.020101. URL https://doi.org/10.1103/physreve.96.020101.
  40. Improving vision transformers to learn small-size dataset from scratch. IEEE Access, 10:123212–123224, 2022. doi: 10.1109/access.2022.3224044. URL https://doi.org/10.1109/access.2022.3224044.
  41. CerDEQ: Certifiable deep equilibrium model. In Kamalika Chaudhuri, Stefanie Jegelka, Le Song, Csaba Szepesvari, Gang Niu, and Sivan Sabato (eds.), Proceedings of the 39th International Conference on Machine Learning, volume 162 of Proceedings of Machine Learning Research, pp.  12998–13013. PMLR, 17–23 Jul 2022. URL https://proceedings.mlr.press/v162/li22t.html.
  42. Out-of-distribution generalization with deep equilibrium models. In ICML 2021 Workshop on Uncertainty and Robustness in Deep Learning, 2021.
  43. Neural mechanisms of spatial selective attention in areas v1, v2, and v4 of macaque visual cortex. Journal of neurophysiology, 77(1):24–42, 1997.
  44. Neurons learn by predicting future activity. Nature machine intelligence, 4(1):62–72, 2022.
  45. Towards deep learning models resistant to adversarial attacks, 2017.
  46. Is spiking secure? a comparative study on the security vulnerabilities of spiking and deep neural networks. In 2020 International Joint Conference on Neural Networks (IJCNN). IEEE, July 2020. doi: 10.1109/ijcnn48605.2020.9207297. URL https://doi.org/10.1109/ijcnn48605.2020.9207297.
  47. Interactions of top-down and bottom-up mechanisms in human visual cortex. The Journal of Neuroscience, 31(2):587–597, January 2011. doi: 10.1523/jneurosci.3766-10.2011. URL https://doi.org/10.1523/jneurosci.3766-10.2011.
  48. Top-down control of visual attention. Current Opinion in Neurobiology, 20(2):183–190, April 2010. doi: 10.1016/j.conb.2010.02.003. URL https://doi.org/10.1016/j.conb.2010.02.003.
  49. Training a spiking neural network with equilibrium propagation. In Kamalika Chaudhuri and Masashi Sugiyama (eds.), Proceedings of the Twenty-Second International Conference on Artificial Intelligence and Statistics, volume 89 of Proceedings of Machine Learning Research, pp.  1516–1523. PMLR, 16–18 Apr 2019. URL https://proceedings.mlr.press/v89/o-connor19a.html.
  50. Adversarial training can hurt generalization. arXiv preprint arXiv:1906.06032, 2019.
  51. Predictive coding in the visual cortex: a functional interpretation of some extra-classical receptive-field effects. Nature neuroscience, 2(1):79–87, 1999.
  52. Equilibrium propagation: Bridging the gap between energy-based models and backpropagation. Frontiers in Computational Neuroscience, 11, May 2017. doi: 10.3389/fncom.2017.00024. URL https://doi.org/10.3389/fncom.2017.00024.
  53. Adversarially robust generalization requires more data. Advances in neural information processing systems, 31, 2018.
  54. Inherent adversarial robustness of deep spiking neural networks: Effects of discrete input encoding and non-linear activations. In Computer Vision–ECCV 2020: 16th European Conference, Glasgow, UK, August 23–28, 2020, Proceedings, Part XXIX 16, pp.  399–414. Springer, 2020.
  55. Learning without neurons in physical systems. Annual Review of Condensed Matter Physics, 14(1):417–441, March 2023. doi: 10.1146/annurev-conmatphys-040821-113439. URL https://doi.org/10.1146/annurev-conmatphys-040821-113439.
  56. Supervised learning in physical networks: From machine learning to learning machines. Physical Review X, 11(2), May 2021. doi: 10.1103/physrevx.11.021045. URL https://doi.org/10.1103/physrevx.11.021045.
  57. Energy and policy considerations for modern deep learning research. In Proceedings of the AAAI conference on artificial intelligence, volume 34, pp.  13693–13696, 2020.
  58. Disentangling adversarial robustness and generalization. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp.  6976–6987, 2019.
  59. Intriguing properties of neural networks. In International Conference on Learning Representations, 2014. URL http://arxiv.org/abs/1312.6199.
  60. Biologically inspired sleep algorithm for increased generalization and adversarial robustness in deep neural networks. In International Conference on Learning Representations, 2019.
  61. Sleep-like unsupervised replay reduces catastrophic forgetting in artificial neural networks. Nature Communications, 13(1), December 2022. doi: 10.1038/s41467-022-34938-7. URL https://doi.org/10.1038/s41467-022-34938-7.
  62. LCANets: Lateral competition improves robustness against corruption and attack. In Kamalika Chaudhuri, Stefanie Jegelka, Le Song, Csaba Szepesvari, Gang Niu, and Sivan Sabato (eds.), Proceedings of the 39th International Conference on Machine Learning, volume 162 of Proceedings of Machine Learning Research, pp.  21232–21252. PMLR, 17–23 Jul 2022. URL https://proceedings.mlr.press/v162/teti22a.html.
  63. Robustness may be at odds with accuracy. arXiv preprint arXiv:1805.12152, 2018.
  64. Hierarchical organization and functional streams in the visual cortex. Trends in neurosciences, 6:370–375, 1983.
  65. Aimee Van Wynsberghe. Sustainable ai: Ai for sustainability and the sustainability of ai. AI and Ethics, 1(3):213–218, 2021.
  66. Perceptual deep neural networks: Adversarial robustness through input recreation. arXiv preprint arXiv:2009.01110, 2020.
  67. Evaluating the neurophysiological evidence for predictive processing as a model of perception. Annals of the New York Academy of Sciences, 1464(1):242–268, March 2020. doi: 10.1111/nyas.14321. URL https://doi.org/10.1111/nyas.14321.
  68. Once-for-all adversarial training: In-situ tradeoff between robustness and accuracy for free. In H. Larochelle, M. Ranzato, R. Hadsell, M.F. Balcan, and H. Lin (eds.), Advances in Neural Information Processing Systems, volume 33, pp.  7449–7461. Curran Associates, Inc., 2020. URL https://proceedings.neurips.cc/paper_files/paper/2020/file/537d9b6c927223c796cac288cced29df-Paper.pdf.
  69. Certified robustness for deep equilibrium models via interval bound propagation. In International Conference on Learning Representations, 2021.
  70. A closer look at the adversarial robustness of deep equilibrium models. Advances in Neural Information Processing Systems, 35:10448–10461, 2022.
  71. Improving adversarial robustness of deep equilibrium models with explicit regulations along the neural dynamics. 2023.
  72. Theoretically principled trade-off between robustness and accuracy. In International conference on machine learning, pp. 7472–7482. PMLR, 2019.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets