Towards Robustness of Deep Neural Networks via Regularization

Yao Li, Martin Renqiang Min, Thomas Lee, Wenchao Yu, Erik Kruus, Wei Wang, Cho-Jui Hsieh; Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV), 2021, pp. 7496-7505


Recent studies have demonstrated the vulnerability of deep neural networks to adversarial examples. Motivated by the observations that adversarial examples often lie outside the natural image manifold and that the intrinsic dimension of image data is much smaller than its pixel-space dimension, we propose to embed high-dimensional input images into a low-dimensional space and apply regularization in the embedding space to push adversarial examples back toward the manifold. The proposed framework, called the Embedding Regularized Classifier (ER-Classifier), improves the adversarial robustness of the classifier through embedding regularization. Beyond improving classification accuracy on adversarial examples, the framework can be combined with detection methods to detect adversarial examples. Experimental results on several benchmark datasets show that the proposed framework performs well against strong adversarial attack methods.
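The overall idea can be sketched as a classifier trained on a low-dimensional embedding plus a regularization term on that embedding. The sketch below is purely illustrative and is not the paper's exact formulation: the linear encoder/classifier, the Gaussian-prior penalty standing in for the manifold regularizer, and the weight 0.1 are all assumptions.

```python
# Illustrative sketch (assumed, not the paper's method): an encoder maps
# high-dimensional inputs to a low-dimensional embedding, a classifier acts
# on the embedding, and a regularizer penalizes embeddings that drift from
# a simple prior (a stand-in for staying on the data manifold).
import numpy as np

rng = np.random.default_rng(0)

def encoder(x, W):
    """Linear projection into a low-dimensional embedding space."""
    return x @ W

def classifier_logits(z, V):
    """Linear classifier operating on the embedding."""
    return z @ V

def cross_entropy(logits, y):
    """Mean cross-entropy loss over a batch."""
    logits = logits - logits.max(axis=1, keepdims=True)  # numerical stability
    p = np.exp(logits) / np.exp(logits).sum(axis=1, keepdims=True)
    return -np.log(p[np.arange(len(y)), y] + 1e-12).mean()

def embedding_regularizer(z):
    """Penalty pushing embeddings toward a standard-normal prior;
    a hypothetical stand-in for the paper's embedding regularization."""
    return (z ** 2).mean()

# Toy data: 8 samples, 32-dim inputs, 4-dim embedding, 3 classes.
x = rng.normal(size=(8, 32))
y = rng.integers(0, 3, size=8)
W = rng.normal(scale=0.1, size=(32, 4))   # encoder weights
V = rng.normal(scale=0.1, size=(4, 3))    # classifier weights

z = encoder(x, W)
loss = cross_entropy(classifier_logits(z, V), y) + 0.1 * embedding_regularizer(z)
print(float(loss))
```

In a full training loop, both terms would be minimized jointly so that adversarial perturbations, which tend to move embeddings off the manifold, are penalized.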

Related Material

@InProceedings{Li_2021_ICCV,
  author    = {Li, Yao and Min, Martin Renqiang and Lee, Thomas and Yu, Wenchao and Kruus, Erik and Wang, Wei and Hsieh, Cho-Jui},
  title     = {Towards Robustness of Deep Neural Networks via Regularization},
  booktitle = {Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV)},
  month     = {October},
  year      = {2021},
  pages     = {7496-7505}
}