NeurIPS 2022

Timezone: »

Poster

Can Adversarial Training Be Manipulated By Non-Robust Features?

Lue Tao · Lei Feng · Hongxin Wei · Jinfeng Yi · Sheng-Jun Huang · Songcan Chen

Adversarial training, originally designed to resist test-time adversarial examples, has shown to be promising in mitigating training-time availability attacks. This defense ability, however, is challenged in this paper. We identify a novel threat model named stability attack, which aims to hinder robust availability by slightly manipulating the training data. Under this threat, we show that adversarial training using a conventional defense budget $\epsilon$ provably fails to provide test robustness in a simple statistical setting, where the non-robust features of the training data can be reinforced by $\epsilon$-bounded perturbation. Further, we analyze the necessity of enlarging the defense budget to counter stability attacks. Finally, comprehensive experiments demonstrate that stability attacks are harmful on benchmark datasets, and thus the adaptive defense is necessary to maintain robustness.

Keywords: adversarial training · Availability Attacks · Hypocritical Perturbations · Stability Attacks

[ Paper] [ Slides] [ Poster] [ OpenReview]

Author Information

Lue Tao (Nanjing University)

Lei Feng (Nanyang Technological University)

Hongxin Wei (Nanyang Technological University)

Jinfeng Yi (JD AI Research)

Sheng-Jun Huang (Nanjing University of Aeronautics and Astronautics)

Songcan Chen (Nanjing University of Aeronautics and Astronautics)

More from the Same Authors

2022 Poster: Generalizing Consistent Multi-Class Classification with Rejection to be Compatible with Arbitrary Losses »
Yuzhou Cao · Tianchi Cai · Lei Feng · Lihong Gu · Jinjie GU · Bo An · Gang Niu · Masashi Sugiyama
2022 Poster: SoLar: Sinkhorn Label Refinery for Imbalanced Partial-Label Learning »
Haobo Wang · Mingxuan Xia · Yixuan Li · Yuren Mao · Lei Feng · Gang Chen · Junbo Zhao
2022 Poster: ACIL: Analytic Class-Incremental Learning with Absolute Memorization and Privacy Protection »
HUIPING ZHUANG · Zhenyu Weng · Hongxin Wei · RENCHUNZI XIE · Kar-Ann Toh · Zhiping Lin
2022 Poster: Active Learning for Multiple Target Models »
Ying-Peng Tang · Sheng-Jun Huang
2023 Poster: Regression with Cost-based Rejection »
Xin Cheng · Yuzhou Cao · Haobo Wang · Hongxin Wei · Bo An · Lei Feng
2023 Poster: In Defense of Softmax Parametrization for Calibrated and Consistent Learning to Defer »
Yuzhou Cao · Hussein Mozannar · Lei Feng · Hongxin Wei · Bo An
2023 Poster: Efficient Algorithms for Generalized Linear Bandits with Heavy-tailed Rewards »
Bo Xue · Yimu Wang · Yuanyu Wan · Jinfeng Yi · Lijun Zhang
2023 Poster: Class-Distribution-Aware Pseudo-Labeling for Semi-Supervised Multi-Label Learning »
Ming-Kun Xie · Jiahao Xiao · Hao-Zhe Liu · Gang Niu · Masashi Sugiyama · Sheng-Jun Huang
2023 Poster: Beyond Myopia: Learning from Positive and Unlabeled Data through Holistic Predictive Trends »
Wang Xinrui · Wenhai Wan · Chuanxing Geng · Shao-Yuan Li · Songcan Chen
2023 Poster: On the Importance of Feature Separability in Predicting Out-Of-Distribution Error »
RENCHUNZI XIE · Hongxin Wei · Lei Feng · Yuzhou Cao · Bo An
2022 Spotlight: Lightning Talks 4A-2 »
Barakeel Fanseu Kamhoua · Hualin Zhang · Taiki Miyagawa · Tomoya Murata · Xin Lyu · Yan Dai · Elena Grigorescu · Zhipeng Tu · Lijun Zhang · Taiji Suzuki · Wei Jiang · Haipeng Luo · Lin Zhang · Xi Wang · Young-San Lin · Huan Xiong · Liyu Chen · Bin Gu · Jinfeng Yi · Yongqiang Chen · Sandeep Silwal · Yiguang Hong · Maoyuan Song · Lei Wang · Tianbao Yang · Han Yang · MA Kaili · Samson Zhou · Deming Yuan · Bo Han · Guodong Shi · Bo Li · James Cheng
2022 Spotlight: Smoothed Online Convex Optimization Based on Discounted-Normal-Predictor »
Lijun Zhang · Wei Jiang · Jinfeng Yi · Tianbao Yang
2022 Spotlight: Lightning Talks 2A-2 »
Harikrishnan N B · Jianhao Ding · Juha Harviainen · Yizhen Wang · Lue Tao · Oren Mangoubi · Tong Bu · Nisheeth Vishnoi · Mohannad Alhanahnah · Mikko Koivisto · Aditi Kathpalia · Lei Feng · Nithin Nagaraj · Hongxin Wei · Xiaozhu Meng · Petteri Kaski · Zhaofei Yu · Tiejun Huang · Ke Wang · Jinfeng Yi · Jian Liu · Sheng-Jun Huang · Mihai Christodorescu · Songcan Chen · Somesh Jha
2022 Spotlight: Can Adversarial Training Be Manipulated By Non-Robust Features? »
Lue Tao · Lei Feng · Hongxin Wei · Jinfeng Yi · Sheng-Jun Huang · Songcan Chen
2022 Poster: Label-Aware Global Consistency for Multi-Label Learning with Single Positive Labels »
Ming-Kun Xie · Jiahao Xiao · Sheng-Jun Huang
2022 Poster: Smoothed Online Convex Optimization Based on Discounted-Normal-Predictor »
Lijun Zhang · Wei Jiang · Jinfeng Yi · Tianbao Yang
2021 Poster: Multi-Label Learning with Pairwise Relevance Ordering »
Ming-Kun Xie · Sheng-Jun Huang
2021 Poster: Rethinking Calibration of Deep Neural Networks: Do Not Be Afraid of Overconfidence »
Deng-Bao Wang · Lei Feng · Min-Ling Zhang
2021 Poster: Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training »
Lue Tao · Lei Feng · Jinfeng Yi · Sheng-Jun Huang · Songcan Chen
2021 Poster: Open-set Label Noise Can Improve Robustness Against Inherent Label Noise »
Hongxin Wei · Lue Tao · RENCHUNZI XIE · Bo An
2021 Poster: Fast Certified Robust Training with Short Warmup »
Zhouxing Shi · Yihan Wang · Huan Zhang · Jinfeng Yi · Cho-Jui Hsieh
2020 Poster: Provably Consistent Partial-Label Learning »
Lei Feng · Jiaqi Lv · Bo Han · Miao Xu · Gang Niu · Xin Geng · Bo An · Masashi Sugiyama
2018 Poster: Adaptive Negative Curvature Descent with Applications in Non-convex Optimization »
Mingrui Liu · Zhe Li · Xiaoyu Wang · Jinfeng Yi · Tianbao Yang
2017 Poster: Scalable Demand-Aware Recommendation »
Jinfeng Yi · Cho-Jui Hsieh · Kush Varshney · Lijun Zhang · Yao Li
2017 Poster: Improved Dynamic Regret for Non-degenerate Functions »
Lijun Zhang · Tianbao Yang · Jinfeng Yi · Rong Jin · Zhi-Hua Zhou
2012 Poster: Semi-Crowdsourced Clustering: Generalizing Crowd Labeling by Robust Distance Metric Learning »
Jinfeng Yi · Rong Jin · Anil K Jain · Shaili Jain