REGroup - Rank-aggregating Ensemble of Generative Classifiers for Robust Predictions
In IEEE Winter Conference on Applications of Computer Vision (WACV), 2022
Authors: Lokender Tiwari1,2, Anish Madan1, Saket Anand1, Subhasis Banerjee3,4
Affiliations: 1IIIT-Delhi, 2TCS Research, 3IIT-Delhi, 4Department of Computer Science, Ashoka University
Links: PDF, Conference Talk, Conference Talk Slides, Poster, Code
Abstract
Deep Neural Networks (DNNs) are often criticized for being susceptible to adversarial attacks. Most successful defense strategies adopt adversarial training or random input transformations that typically require retraining or fine-tuning the model to achieve reasonable performance. In this work, our investigations of intermediate representations of a pre-trained DNN lead to an interesting discovery pointing to intrinsic robustness to adversarial attacks. We find that we can learn a generative classifier by statistically characterizing the neural response of an intermediate layer to clean training samples. The predictions of multiple such intermediate-layer based classifiers, when aggregated, show unexpected robustness to adversarial attacks. Specifically, we devise an ensemble of these generative classifiers that rank-aggregates their predictions via a Borda count-based consensus. Our proposed approach uses a subset of the clean training data and a pre-trained model, and yet is agnostic to network architectures or the adversarial attack generation method. We show extensive experiments to establish that our defense strategy achieves state-of-the-art performance on the ImageNet validation set.
Sample Results
Bibtex
@inproceedings{tiwari2022regroup, title={REGroup: Rank-aggregating Ensemble of Generative Classifiers for Robust Predictions}, author={Tiwari, Lokender and Madan, Anish and Anand, Saket and Banerjee, Subhashis}, booktitle={Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision}, pages={2595--2604}, year={2022} }