Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
167 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Towards Adversarially Robust Dataset Distillation by Curvature Regularization (2403.10045v2)

Published 15 Mar 2024 in cs.LG and cs.CV

Abstract: Dataset distillation (DD) allows datasets to be distilled to fractions of their original size while preserving the rich distributional information so that models trained on the distilled datasets can achieve a comparable accuracy while saving significant computational loads. Recent research in this area has been focusing on improving the accuracy of models trained on distilled datasets. In this paper, we aim to explore a new perspective of DD. We study how to embed adversarial robustness in distilled datasets, so that models trained on these datasets maintain the high accuracy and meanwhile acquire better adversarial robustness. We propose a new method that achieves this goal by incorporating curvature regularization into the distillation process with much less computational overhead than standard adversarial training. Extensive empirical experiments suggest that our method not only outperforms standard adversarial training on both accuracy and robustness with less computation overhead but is also capable of generating robust distilled datasets that can withstand various adversarial attacks.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (53)
  1. Square attack: a query-efficient black-box adversarial attack via random search. In Proceedings of the European Conference on Computer Vision, 2020.
  2. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420, 2018.
  3. Deconstructing data reconstruction: Multiclass, weight decay and general losses. arXiv preprint arXiv:2307.01827, 2023.
  4. N. Carlini and D. Wagner. Towards evaluating the robustness of neural networks. In IEEE Symposium on Security and Privacy, pages 39–57, 2017.
  5. Dataset distillation by matching training trajectories. In IEEE Conference on Computer Vision and Pattern Recognition, 2022.
  6. Zoo: Zeroth order optimization based black-box attacks to deep neural networks without training substitute models. In Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, pages 15–26. ACM, 2017.
  7. A comprehensive study on dataset distillation: Performance, privacy, robustness and fairness. arXiv preprint arXiv:2305.03355, 2023.
  8. Houdini: Fooling deep structured prediction models. arXiv preprint arXiv:1707.05373, 2017a.
  9. Parseval networks: Improving robustness to adversarial examples. In Proceedings of the 34th International Conference on Machine Learning, pages 854–863, 2017b.
  10. Certified adversarial robustness via randomized smoothing. In International Conference on Machine Learning, 2019.
  11. F. Croce and M. Hein. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International Conference on Machine Learning, 2020.
  12. Scaling up dataset distillation to imagenet-1k with constant memory. In International Conference on Machine Learning, 2023.
  13. Imagenet: A large-scale hierarchical image database. In 2009 IEEE conference on computer vision and pattern recognition, pages 248–255. Ieee, 2009.
  14. Boosting adversarial attacks with momentum. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, 2017.
  15. Empirical study of the topology and geometry of deep networks. In IEEE Conference on Computer Vision and Pattern Recognition, Jun 2018.
  16. A survey on dataset distillation: Approaches, applications, and future directions. arXiv preprint arXiv:2305.01975, 2023.
  17. Explaining and harnessing adversarial examples. In International Conference on Learning Representations, 2015.
  18. S. Gu and L. Rigazio. Towards deep neural network architectures robust to adversarial examples, 2014.
  19. Deep residual learning for image recognition. In IEEE Conference on Computer Vision and Pattern Recognition, pages 770–778, 2016.
  20. J. Howard. Imagenette, 2018. URL https://github.com/fastai/imagenette/.
  21. With friends like these, who needs adversaries? In Advances in neural information processing systems, 2018.
  22. G. Khromov and S. P. Singh. Some intriguing aspects about lipschitz continuity of neural networks. arXiv preprint arXiv:2302.10886, 2023.
  23. Adversarial examples in the physical world. International Conference on Learning Representations Workshops, 2017.
  24. Y. Le and X. Yang. Tiny imagenet visual recognition challenge. CS 231N, 7(7):3, 2015.
  25. Dataset condensation with contrastive signals. In International Conference on Machine Learning, 2022.
  26. Towards trustworthy and aligned machine learning: A data-centric survey with causality perspectives, 2023a.
  27. Dataset distillation via the wasserstein metric. arXiv preprint arXiv:2311.18531, 2023b.
  28. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083, 2017.
  29. Towards deep learning models resistant to adversarial attacks. In Proceedings of the International Conference on Learning Representations, 2018.
  30. Distributional smoothing with virtual adversarial training, 2015.
  31. Deepfool: a simple and accurate method to fool deep neural networks. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 2574–2582, 2016.
  32. Robustness via curvature regularization, and vice versa. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pages 9078–9086, 2019.
  33. N. Narodytska and S. P. Kasiviswanathan. Simple black-box adversarial perturbations for deep networks, 2016.
  34. Dataset meta-learning from kernel ridge-regression. arXiv preprint arXiv:2011.00050, 2020.
  35. Dataset distillation with infinitely wide convolutional networks. Advances in Neural Information Processing Systems, 34:5186–5198, 2021.
  36. The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy.
  37. Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv preprint arXiv:1605.07277, 2016a.
  38. Distillation as a defense to adversarial perturbations against deep neural networks. In 2016 IEEE Symposium on Security and Privacy (SP), pages 582–597. IEEE, 2016b.
  39. A. S. Ross and F. Doshi-Velez. Improving the adversarial robustness and interpretability of deep neural networks by regularizing their input gradients. In AAAI Conference on Artificial Intelligence, 2018.
  40. N. Sachdeva and J. McAuley. Data distillation: a survey. arXiv preprint arXiv:2301.04272, 2023.
  41. I. Sucholutsky and M. Schonlau. Soft-label dataset distillation and text dataset distillation. In 2021 International Joint Conference on Neural Networks (IJCNN), pages 1–8. IEEE, 2021.
  42. Ensemble adversarial training: attacks and defenses. In International Conference on Learning Representations, 2018.
  43. Cafe: Learning to condense dataset by aligning features. In IEEE Conference on Computer Vision and Pattern Recognition, 2022.
  44. Dataset distillation. arXiv preprint arXiv:1811.10959, 2018.
  45. Wasserstein adversarial examples via projected sinkhorn iterations. arXiv preprint arXiv:1902.07906, 2019.
  46. Z. Yin and Z. Shen. Dataset distillation in large data era. arXiv preprint arXiv:2311.18838, 2023.
  47. Squeeze, recover and relabel: Dataset condensation at imagenet scale from a new perspective. In Advances in Neural Information Processing Systems, 2023.
  48. M3D: Dataset condensation by minimizing maximum mean discrepancy. In Proceedings of the AAAI Conference on Artificial Intelligence (AAAI), 2024.
  49. Attacks which do not kill training make adversarial learning stronger. In International Conference on Machine Learning, pages 11278–11287. PMLR, 2020.
  50. B. Zhao and H. Bilen. Dataset condensation with differentiable siamese augmentation. In International Conference on Machine Learning, 2021.
  51. B. Zhao and H. Bilen. Dataset condensation with distribution matching. In IEEE Winter Conference on Applications of Computer Vision, 2023.
  52. Dataset condensation with gradient matching. In International Conference on Learning Representations, 2021.
  53. Dataset distillation using neural feature regression. In Advances in Neural Information Processing Systems, 2022.
Citations (5)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets