The Pitfalls and Promise of Conformal Inference Under Adversarial Attacks (2405.08886v1)

Published 14 May 2024 in cs.LG and stat.ML

Abstract: In safety-critical applications such as medical imaging and autonomous driving, where decisions have profound implications for patient health and road safety, it is imperative to maintain both high adversarial robustness against potential adversarial attacks and reliable uncertainty quantification in decision-making. While extensive research has focused on enhancing adversarial robustness through various forms of adversarial training (AT), a notable knowledge gap remains concerning the uncertainty inherent in adversarially trained models. To address this gap, this study investigates the uncertainty of deep learning models by examining the performance of conformal prediction (CP) under the standard attacks used in the adversarial-defense community. We first show that existing CP methods do not produce informative prediction sets under the commonly used $l_{\infty}$-norm bounded attack if the model is not adversarially trained, which underscores the importance of adversarial training for CP. We next demonstrate that the prediction set size (PSS) of CP with models trained by AT variants is often worse than with standard AT, which motivates research into CP-efficient AT for improved PSS. We propose to optimize a Beta-weighting loss with an entropy minimization regularizer during AT to improve CP-efficiency, where our theoretical analysis shows that the Beta-weighting loss is an upper bound on PSS at the population level. Moreover, our empirical study on four image classification datasets across three popular AT baselines validates the effectiveness of the proposed Uncertainty-Reducing AT (AT-UR).
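The abstract's first finding, that split conformal prediction stops being informative under an $l_{\infty}$-bounded attack when the model is not robust, can be reproduced in miniature. The following is an added example, not code from the paper or its authors: it uses a constructed four-class linear classifier (weights `W`), constructed noise-free inputs, and a one-step FGSM attack in place of the PGD/AutoAttack-style attacks the paper evaluates. The budget `EPS`, the miscoverage level `ALPHA`, and the data scales are assumptions chosen so the numbers are exact. It implements standard split conformal prediction with the $1 - p_y$ nonconformity score and reports empirical coverage and prediction set size (PSS) for three settings: clean calibration and clean test, clean calibration with attacked test points, and attacked calibration with attacked test points. It does not implement the paper's Beta-weighting loss or AT-UR.

```python
import math

K = 4          # number of classes (constructed toy problem)
D = 4          # input dimension
EPS = 0.5      # l_inf budget; assumed large so the effect is visible on a toy linear model
ALPHA = 0.1    # target miscoverage: sets should contain the true label >= 90% of the time

# Constructed linear classifier: class k scores only its own coordinate, W[k] = 3 * e_k.
W = [[3.0 if j == k else 0.0 for j in range(D)] for k in range(K)]


def softmax(logits):
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    s = sum(exps)
    return [e / s for e in exps]


def predict_proba(x):
    """Softmax probabilities of the linear model W x."""
    return softmax([sum(w * xi for w, xi in zip(row, x)) for row in W])


def fgsm_linf(x, y, eps):
    """One-step l_inf attack (FGSM) on the cross-entropy loss of the linear model.

    For a linear softmax classifier the input gradient of the loss is
    sum_k (p_k - 1[k == y]) * W[k]; FGSM moves each coordinate by eps in the
    direction of the gradient's sign, which is the maximal l_inf-bounded step."""
    p = predict_proba(x)
    grad = [0.0] * D
    for k in range(K):
        coeff = p[k] - (1.0 if k == y else 0.0)
        for j in range(D):
            grad[j] += coeff * W[k][j]
    sign = lambda g: 1.0 if g > 0 else (-1.0 if g < 0 else 0.0)
    return [xi + eps * sign(g) for xi, g in zip(x, grad)]


def nonconformity(x, y):
    # Score of the true label: 1 - p_y (low means the model is confident in the correct class).
    return 1.0 - predict_proba(x)[y]


def conformal_threshold(cal, alpha):
    """Split conformal: the ceil((n+1)(1-alpha))/n empirical quantile of calibration scores."""
    scores = sorted(nonconformity(x, y) for x, y in cal)
    n = len(scores)
    k = math.ceil((n + 1) * (1 - alpha))
    return scores[min(k, n) - 1]


def prediction_set(x, q):
    """All labels whose score 1 - p_k falls under the calibrated threshold q."""
    p = predict_proba(x)
    return [k for k in range(K) if 1.0 - p[k] <= q]


def evaluate(test, q):
    """Returns (empirical coverage, mean prediction set size) of CP at threshold q."""
    sets = [prediction_set(x, q) for x, _ in test]
    cov = sum(y in s for (_, y), s in zip(test, sets)) / len(test)
    pss = sum(len(s) for s in sets) / len(test)
    return cov, pss


def make_data(scales):
    """Constructed inputs: class y is the y-th basis vector scaled by a (no noise, so results are exact)."""
    return [([a if j == y else 0.0 for j in range(D)], y) for a in scales for y in range(K)]


def attack(data, eps=EPS):
    return [(fgsm_linf(x, y, eps), y) for x, y in data]


def run():
    cal = make_data([0.8, 0.9, 1.0, 1.1, 1.2])    # 20 constructed calibration points
    test = make_data([0.85, 0.95, 1.05, 1.15])    # 16 constructed test points
    q_clean = conformal_threshold(cal, ALPHA)
    q_adv = conformal_threshold(attack(cal), ALPHA)
    return {
        "clean_cal/clean_test": evaluate(test, q_clean),
        "clean_cal/adv_test": evaluate(attack(test), q_clean),
        "adv_cal/adv_test": evaluate(attack(test), q_adv),
    }


if __name__ == "__main__":
    for setting, (cov, pss) in run().items():
        print(f"{setting:22s} coverage={cov:.2f}  PSS={pss:.2f}")
```

On clean data the calibrated sets are singletons with full coverage. Calibrating on clean data and testing on FGSM points breaks the exchangeability assumption and coverage collapses to zero (every set is empty). Calibrating on attacked data restores coverage, but only by returning all K labels, which is the "uninformative prediction set" behaviour the abstract describes; on a robust model the attacked true-class probabilities stay high and the sets stay small, which is what PSS measures.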
