Timezone: »
Poster
Evolution of Neural Tangent Kernels under Benign and Adversarial Training
Noel Loo · Ramin Hasani · Alexander Amini · Daniela Rus
Two key challenges facing modern deep learning is mitigating deep networks vulnerability to adversarial attacks, and understanding deep learning's generalization capabilities. Towards the first issue, many defense strategies have been developed, with the most common being Adversarial Training (AT). Towards the second challenge, one of the dominant theories that has emerged is the Neural Tangent Kernel (NTK) -- a characterization of neural network behavior in the infinite-width limit. In this limit, the kernel is frozen and the underlying feature map is fixed. In finite-widths however, there is evidence that feature learning happens at the earlier stages of the training (kernel learning) before a second phase where the kernel remains fixed (lazy training). While prior work has aimed at studying adversarial vulnerability through the lens of the frozen infinite-width NTK, there is no work which studies adversarial robustness of NTK during training. In this work, we perform an empirical study of the evolution of the NTK under standard and adversarial training, aiming to disambiguate the effect of adversarial training on kernel learning and lazy training. We find under adversarial training, the NTK rapidly converges to a different kernel (and feature map) than standard training. This new kernel provides adversarial robustness, even when non-robust training is performed on top of it. Furthermore, we find that adversarial training on top of a fixed kernel can yield a classifier with $76.1\%$ robust accuracy under PGD attacks with $\varepsilon = 4/255$ on CIFAR-10.
Author Information
Noel Loo (MIT)
Ramin Hasani (MIT | Vanguard)
Alexander Amini (MIT)
Daniela Rus (Massachusetts Institute of Technology)
More from the Same Authors
-
2021 : Neighborhood Mixup Experience Replay: Local Convex Interpolation for Improved Sample Efficiency in Continuous Control Tasks »
Ryan Sander · Wilko Schwarting · Tim Seyde · Igor Gilitschenski · Sertac Karaman · Daniela Rus -
2021 : Strength Through Diversity: Robust Behavior Learning via Mixture Policies »
Tim Seyde · Wilko Schwarting · Igor Gilitschenski · Markus Wulfmeier · Daniela Rus -
2022 : PyHopper - A Plug-and-Play Hyperparameter Optimization Engine »
Mathias Lechner · Ramin Hasani · Sophie Neubauer · Philipp Neubauer · Daniela Rus -
2022 : Mixed-Memory RNNs for Learning Long-term Dependencies in Irregularly-sampled Time Series »
Mathias Lechner · Ramin Hasani -
2022 : Are All Vision Models Created Equal? A Study of the Open-Loop to Closed-Loop Causality Gap »
Mathias Lechner · Ramin Hasani · Alexander Amini · Tsun-Hsuan Johnson Wang · Thomas Henzinger · Daniela Rus -
2022 : Infrastructure-based End-to-End Learning and Prevention of Driver Failure »
Noam Buckman · Shiva Sreeram · Mathias Lechner · Yutong Ban · Ramin Hasani · Sertac Karaman · Daniela Rus -
2022 : Capsa: A Unified Framework for Quantifying Risk in Deep Neural Networks »
Sadhana Lolla · Iaroslav Elistratov · Alejandro Perez · Elaheh Ahmadi · Daniela Rus · Alexander Amini -
2022 : Infrastructure-based End-to-End Learning and Prevention of Driver Failure »
Noam Buckman · Shiva Sreeram · Mathias Lechner · Yutong Ban · Ramin Hasani · Sertac Karaman · Daniela Rus -
2022 : Capsa: A Unified Framework for Quantifying Risk in Deep Neural Networks »
Sadhana Lolla · Iaroslav Elistratov · Alejandro Perez · Elaheh Ahmadi · Daniela Rus · Alexander Amini -
2022 Poster: Efficient Dataset Distillation using Random Feature Approximation »
Noel Loo · Ramin Hasani · Alexander Amini · Daniela Rus -
2022 Poster: ActionSense: A Multimodal Dataset and Recording Framework for Human Activities Using Wearable Sensors in a Kitchen Environment »
Joseph DelPreto · Chao Liu · Yiyue Luo · Michael Foshey · Yunzhu Li · Antonio Torralba · Wojciech Matusik · Daniela Rus -
2021 Poster: Sparse Flows: Pruning Continuous-depth Models »
Lucas Liebenwein · Ramin Hasani · Alexander Amini · Daniela Rus -
2021 Poster: Compressing Neural Networks: Towards Determining the Optimal Layer-wise Decomposition »
Lucas Liebenwein · Alaa Maalouf · Dan Feldman · Daniela Rus -
2021 Poster: Causal Navigation by Continuous-time Neural Networks »
Charles Vorbach · Ramin Hasani · Alexander Amini · Mathias Lechner · Daniela Rus -
2021 Poster: Is Bang-Bang Control All You Need? Solving Continuous Control with Bernoulli Policies »
Tim Seyde · Igor Gilitschenski · Wilko Schwarting · Bartolomeo Stellato · Martin Riedmiller · Markus Wulfmeier · Daniela Rus -
2020 Poster: Deep Evidential Regression »
Alexander Amini · Wilko Schwarting · Ava P Soleimany · Daniela Rus -
2019 Poster: Learning-In-The-Loop Optimization: End-To-End Control And Co-Design Of Soft Robots Through Learned Deep Latent Representations »
Andrew Spielberg · Allan Zhao · Yuanming Hu · Tao Du · Wojciech Matusik · Daniela Rus -
2018 : Coffee break + posters 2 »
Jan Kremer · Erik McDermott · Brandon Carter · Albert Zeyer · Andreas Krug · Paul Pu Liang · Katherine Lee · Dominika Basaj · Abelino Jimenez · Lisa Fan · Gautam Bhattacharya · Tzeviya S Fuchs · David Gifford · Loren Lugosch · Orhan Firat · Benjamin Baer · JAHANGIR ALAM · Jamin Shin · Mirco Ravanelli · Paul Smolensky · Zining Zhu · Hamid Eghbal-zadeh · Skyler Seto · Imran Sheikh · Joao Felipe Santos · Yonatan Belinkov · Nadir Durrani · Oiwi Parker Jones · Shuai Tang · André Merboldt · Titouan Parcollet · Wei-Ning Hsu · Krishna Pillutla · Ehsan Hosseini-Asl · Monica Dinculescu · Alexander Amini · Ying Zhang · Taoli Cheng · Alain Tapp -
2018 : Coffee break + posters 1 »
Samuel Myer · Wei-Ning Hsu · Jialu Li · Monica Dinculescu · Lea Schönherr · Ehsan Hosseini-Asl · Skyler Seto · Oiwi Parker Jones · Imran Sheikh · Thomas Manzini · Yonatan Belinkov · Nadir Durrani · Alexander Amini · Johanna Hansen · Gabi Shalev · Jamin Shin · Paul Smolensky · Lisa Fan · Zining Zhu · Hamid Eghbal-zadeh · Benjamin Baer · Abelino Jimenez · Joao Felipe Santos · Jan Kremer · Erik McDermott · Andreas Krug · Tzeviya S Fuchs · Shuai Tang · Brandon Carter · David Gifford · Albert Zeyer · André Merboldt · Krishna Pillutla · Katherine Lee · Titouan Parcollet · Orhan Firat · Gautam Bhattacharya · JAHANGIR ALAM · Mirco Ravanelli -
2017 : Poster session »
Xun Zheng · Tim G. J. Rudner · Christopher Tegho · Patrick McClure · Yunhao Tang · ASHWIN D'CRUZ · Juan Camilo Gamboa Higuera · Chandra Sekhar Seelamantula · Jhosimar Arias Figueroa · Andrew Berlin · Maxime Voisin · Alexander Amini · Thang Long Doan · Hengyuan Hu · Aleksandar Botev · Niko Suenderhauf · CHI ZHANG · John Lambert -
2017 : Openning Remarks »
Ramin Hasani -
2017 Workshop: Workshop on Worm's Neural Information Processing (WNIP) »
Ramin Hasani · Manuel Zimmer · Stephen Larson · Tomas Kazmar · Radu Grosu -
2016 Poster: Dimensionality Reduction of Massive Sparse Datasets Using Coresets »
Dan Feldman · Mikhail Volkov · Daniela Rus -
2014 Poster: Coresets for k-Segmentation of Streaming Data »
Guy Rosman · Mikhail Volkov · Dan Feldman · John Fisher III · Daniela Rus