Anti-bandit Neural Architecture Search for Model Defense

Hanlin Chen; Baochang Zhang; Song Xue; Xuan Gong; Hong Liu; Rongrong Ji; David Doermann

doi:10.1007/978-3-030-58601-0_5

Anti-bandit Neural Architecture Search for Model Defense

Hanlin Chen
, Baochang Zhang
, Song Xue
, Xuan Gong
, Hong Liu
, Rongrong Ji
, David Doermann

Department of Computer Science and Engineering

Beihang University
SUNY Buffalo
Xiamen University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

19 Scopus citations

Abstract

Deep convolutional neural networks (DCNNs) have dominated as the best performers in machine learning, but can be challenged by adversarial attacks. In this paper, we defend against adversarial attacks using neural architecture search (NAS) which is based on a comprehensive search of denoising blocks, weight-free operations, Gabor filters and convolutions. The resulting anti-bandit NAS (ABanditNAS) incorporates a new operation evaluation measure and search process based on the lower and upper confidence bounds (LCB and UCB). Unlike the conventional bandit algorithm using UCB for evaluation only, we use UCB to abandon arms for search efficiency and LCB for a fair competition between arms. Extensive experiments demonstrate that ABanditNAS is about twice as fast as the state-of-the-art NAS method, while achieving an 8.73 % improvement over prior arts on CIFAR-10 under PGD-7.

Original language	English
Title of host publication	Computer Vision – ECCV 2020 - 16th European Conference, 2020, Proceedings
Editors	Andrea Vedaldi, Horst Bischof, Thomas Brox, Jan-Michael Frahm
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	70-85
Number of pages	16
ISBN (Print)	9783030586003
DOIs	https://doi.org/10.1007/978-3-030-58601-0_5
State	Published - 2020
Event	16th European Conference on Computer Vision, ECCV 2020 - Glasgow, United Kingdom Duration: Aug 23 2020 → Aug 28 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12358 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th European Conference on Computer Vision, ECCV 2020
Country/Territory	United Kingdom
City	Glasgow
Period	08/23/20 → 08/28/20

Keywords

Adversarial defense
Bandit
Neural architecture search (NAS)

Access to Document

10.1007/978-3-030-58601-0_5

Cite this

Chen, H., Zhang, B., Xue, S., Gong, X., Liu, H., Ji, R., & Doermann, D. (2020). Anti-bandit Neural Architecture Search for Model Defense. In A. Vedaldi, H. Bischof, T. Brox, & J.-M. Frahm (Eds.), Computer Vision – ECCV 2020 - 16th European Conference, 2020, Proceedings (pp. 70-85). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12358 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-58601-0_5

Chen, Hanlin ; Zhang, Baochang ; Xue, Song et al. / Anti-bandit Neural Architecture Search for Model Defense. Computer Vision – ECCV 2020 - 16th European Conference, 2020, Proceedings. editor / Andrea Vedaldi ; Horst Bischof ; Thomas Brox ; Jan-Michael Frahm. Springer Science and Business Media Deutschland GmbH, 2020. pp. 70-85 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{de5ccdf86f8d455f89ff89d778d33dce,

title = "Anti-bandit Neural Architecture Search for Model Defense",

abstract = "Deep convolutional neural networks (DCNNs) have dominated as the best performers in machine learning, but can be challenged by adversarial attacks. In this paper, we defend against adversarial attacks using neural architecture search (NAS) which is based on a comprehensive search of denoising blocks, weight-free operations, Gabor filters and convolutions. The resulting anti-bandit NAS (ABanditNAS) incorporates a new operation evaluation measure and search process based on the lower and upper confidence bounds (LCB and UCB). Unlike the conventional bandit algorithm using UCB for evaluation only, we use UCB to abandon arms for search efficiency and LCB for a fair competition between arms. Extensive experiments demonstrate that ABanditNAS is about twice as fast as the state-of-the-art NAS method, while achieving an 8.73 \% improvement over prior arts on CIFAR-10 under PGD-7.",

keywords = "Adversarial defense, Bandit, Neural architecture search (NAS)",

author = "Hanlin Chen and Baochang Zhang and Song Xue and Xuan Gong and Hong Liu and Rongrong Ji and David Doermann",

note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.; 16th European Conference on Computer Vision, ECCV 2020 ; Conference date: 23-08-2020 Through 28-08-2020",

year = "2020",

doi = "10.1007/978-3-030-58601-0\_5",

language = "English",

isbn = "9783030586003",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "70--85",

editor = "Andrea Vedaldi and Horst Bischof and Thomas Brox and Jan-Michael Frahm",

booktitle = "Computer Vision – ECCV 2020 - 16th European Conference, 2020, Proceedings",

address = "Germany",

}

Chen, H, Zhang, B, Xue, S, Gong, X, Liu, H, Ji, R & Doermann, D 2020, Anti-bandit Neural Architecture Search for Model Defense. in A Vedaldi, H Bischof, T Brox & J-M Frahm (eds), Computer Vision – ECCV 2020 - 16th European Conference, 2020, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12358 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 70-85, 16th European Conference on Computer Vision, ECCV 2020, Glasgow, United Kingdom, 08/23/20. https://doi.org/10.1007/978-3-030-58601-0_5

Anti-bandit Neural Architecture Search for Model Defense. / Chen, Hanlin; Zhang, Baochang; Xue, Song et al.
Computer Vision – ECCV 2020 - 16th European Conference, 2020, Proceedings. ed. / Andrea Vedaldi; Horst Bischof; Thomas Brox; Jan-Michael Frahm. Springer Science and Business Media Deutschland GmbH, 2020. p. 70-85 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12358 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Anti-bandit Neural Architecture Search for Model Defense

AU - Chen, Hanlin

AU - Zhang, Baochang

AU - Xue, Song

AU - Gong, Xuan

AU - Liu, Hong

AU - Ji, Rongrong

AU - Doermann, David

PY - 2020

Y1 - 2020

N2 - Deep convolutional neural networks (DCNNs) have dominated as the best performers in machine learning, but can be challenged by adversarial attacks. In this paper, we defend against adversarial attacks using neural architecture search (NAS) which is based on a comprehensive search of denoising blocks, weight-free operations, Gabor filters and convolutions. The resulting anti-bandit NAS (ABanditNAS) incorporates a new operation evaluation measure and search process based on the lower and upper confidence bounds (LCB and UCB). Unlike the conventional bandit algorithm using UCB for evaluation only, we use UCB to abandon arms for search efficiency and LCB for a fair competition between arms. Extensive experiments demonstrate that ABanditNAS is about twice as fast as the state-of-the-art NAS method, while achieving an 8.73 % improvement over prior arts on CIFAR-10 under PGD-7.

AB - Deep convolutional neural networks (DCNNs) have dominated as the best performers in machine learning, but can be challenged by adversarial attacks. In this paper, we defend against adversarial attacks using neural architecture search (NAS) which is based on a comprehensive search of denoising blocks, weight-free operations, Gabor filters and convolutions. The resulting anti-bandit NAS (ABanditNAS) incorporates a new operation evaluation measure and search process based on the lower and upper confidence bounds (LCB and UCB). Unlike the conventional bandit algorithm using UCB for evaluation only, we use UCB to abandon arms for search efficiency and LCB for a fair competition between arms. Extensive experiments demonstrate that ABanditNAS is about twice as fast as the state-of-the-art NAS method, while achieving an 8.73 % improvement over prior arts on CIFAR-10 under PGD-7.

KW - Adversarial defense

KW - Bandit

KW - Neural architecture search (NAS)

UR - https://www.scopus.com/pages/publications/85097628564

U2 - 10.1007/978-3-030-58601-0_5

DO - 10.1007/978-3-030-58601-0_5

M3 - Conference contribution

AN - SCOPUS:85097628564

SN - 9783030586003

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 70

EP - 85

BT - Computer Vision – ECCV 2020 - 16th European Conference, 2020, Proceedings

A2 - Vedaldi, Andrea

A2 - Bischof, Horst

A2 - Brox, Thomas

A2 - Frahm, Jan-Michael

PB - Springer Science and Business Media Deutschland GmbH

T2 - 16th European Conference on Computer Vision, ECCV 2020

Y2 - 23 August 2020 through 28 August 2020

ER -

Chen H, Zhang B, Xue S, Gong X, Liu H, Ji R et al. Anti-bandit Neural Architecture Search for Model Defense. In Vedaldi A, Bischof H, Brox T, Frahm JM, editors, Computer Vision – ECCV 2020 - 16th European Conference, 2020, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 70-85. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-58601-0_5

Anti-bandit Neural Architecture Search for Model Defense

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this