
Best of Both Worlds: Towards Adversarial Robustness with Transduction and Rejection
Nils Palumbo · Yang Guo · Xi Wu · Jiefeng Chen · Yingyu Liang · Somesh Jha

Both transduction and rejection have emerged as key techniques to enable stronger defenses against adversarial perturbations, but existing work has not investigated the combination of transduction and rejection. Our theoretical analysis shows that combining the two can potentially lead to better guarantees than using transduction or rejection alone. Based on the analysis, we propose a defense algorithm that learns a transductive classifier with the rejection option and also propose a strong adaptive attack for evaluating our defense. The experimental results on MNIST and CIFAR-10 show that it has strong robustness, outperforming existing baselines, including those using only transduction or rejection.

Author Information

Nils Palumbo (University of Wisconsin-Madison)
Yang Guo (University of Wisconsin Madison)
Xi Wu (Google)
Jiefeng Chen (University of Wisconsin-Madison)

I am currently a third-year PhD student at University of Wisconsin-Madison, in the Computer Science Department. I am co-advised by Prof. Yingyu Liang and Prof. Somesh Jha. I work on trustworthy machine learning with research questions like "How to make machine learning models produce stable explanations of their predictions?", "How to train models that produce robust predictions under adversarial perturbations?", and "Understand when and why some defense mechanisms work?". I obtained my Bachelor's degree in Computer Science from Shanghai Jiao Tong University (SJTU).

Yingyu Liang (University of Wisconsin Madison)
Somesh Jha (University of Wisconsin, Madison)
