Benchmarking Robustness Beyond lp Norm Adversaries

Akshay Agarwal; Nalini Ratha; Mayank Vatsa; Richa Singh

doi:10.1007/978-3-031-25056-9_23

Benchmarking Robustness Beyond l_p Norm Adversaries

Akshay Agarwal
, Nalini Ratha
, Mayank Vatsa
, Richa Singh

Department of Computer Science and Engineering

SUNY Buffalo
Indian Institute of Technology Jodhpur

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Recently, a significant boom has been noticed in the generation of a variety of malicious examples ranging from adversarial perturbations to common noises to natural adversaries. These malicious examples are highly effective in fooling almost ‘any’ deep neural network. Therefore, to protect the integrity of deep networks, research efforts have been started in building the defense against these anomalies of the individual category. The prime reason for such individual handling of noises is the lack of one unique dataset which can be used to benchmark against multiple malicious examples and hence in turn can help in building a true ‘universal’ defense algorithm. This research work is an aid towards that goal that created a dataset termed “wide angle anomalies” containing 19 different malicious categories. On top of that, an extensive experimental evaluation has been performed on the proposed dataset using popular deep neural networks to detect these wide-angle anomalies. The experiments help in identifying a possible relationship between different anomalies and how easy or difficult to detect an anomaly if it is seen or unseen during training-testing. We assert that the experiments in seen and unseen category attack training-testing reveals several surprising and interesting outcomes including possible connection among adversaries. We believe it can help in building a universal defense algorithm.

Original language	English
Title of host publication	Computer Vision - ECCV 2022 Workshops, Proceedings
Editors	Leonid Karlinsky, Tomer Michaeli, Ko Nishino
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	342-359
Number of pages	18
ISBN (Print)	9783031250552
DOIs	https://doi.org/10.1007/978-3-031-25056-9_23
State	Published - 2023
Event	Workshops held at the 17th European Conference on Computer Vision, ECCV 2022 - Tel Aviv, Israel Duration: Oct 23 2022 → Oct 27 2022

Publication series

Name	Lecture Notes in Computer Science
Volume	13801 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Workshops held at the 17th European Conference on Computer Vision, ECCV 2022
Country/Territory	Israel
City	Tel Aviv
Period	10/23/22 → 10/27/22

Access to Document

10.1007/978-3-031-25056-9_23

Cite this

Agarwal, A., Ratha, N., Vatsa, M., & Singh, R. (2023). Benchmarking Robustness Beyond l_p Norm Adversaries. In L. Karlinsky, T. Michaeli, & K. Nishino (Eds.), Computer Vision - ECCV 2022 Workshops, Proceedings (pp. 342-359). (Lecture Notes in Computer Science; Vol. 13801 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-25056-9_23

@inproceedings{29b0689197ad4b17abdc8fe077efa577,

title = "Benchmarking Robustness Beyond lp Norm Adversaries",

abstract = "Recently, a significant boom has been noticed in the generation of a variety of malicious examples ranging from adversarial perturbations to common noises to natural adversaries. These malicious examples are highly effective in fooling almost {\textquoteleft}any{\textquoteright} deep neural network. Therefore, to protect the integrity of deep networks, research efforts have been started in building the defense against these anomalies of the individual category. The prime reason for such individual handling of noises is the lack of one unique dataset which can be used to benchmark against multiple malicious examples and hence in turn can help in building a true {\textquoteleft}universal{\textquoteright} defense algorithm. This research work is an aid towards that goal that created a dataset termed “wide angle anomalies” containing 19 different malicious categories. On top of that, an extensive experimental evaluation has been performed on the proposed dataset using popular deep neural networks to detect these wide-angle anomalies. The experiments help in identifying a possible relationship between different anomalies and how easy or difficult to detect an anomaly if it is seen or unseen during training-testing. We assert that the experiments in seen and unseen category attack training-testing reveals several surprising and interesting outcomes including possible connection among adversaries. We believe it can help in building a universal defense algorithm.",

author = "Akshay Agarwal and Nalini Ratha and Mayank Vatsa and Richa Singh",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.; Workshops held at the 17th European Conference on Computer Vision, ECCV 2022 ; Conference date: 23-10-2022 Through 27-10-2022",

year = "2023",

doi = "10.1007/978-3-031-25056-9\_23",

language = "English",

isbn = "9783031250552",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "342--359",

editor = "Leonid Karlinsky and Tomer Michaeli and Ko Nishino",

booktitle = "Computer Vision - ECCV 2022 Workshops, Proceedings",

address = "Germany",

}

Agarwal, A, Ratha, N, Vatsa, M & Singh, R 2023, Benchmarking Robustness Beyond l_p Norm Adversaries. in L Karlinsky, T Michaeli & K Nishino (eds), Computer Vision - ECCV 2022 Workshops, Proceedings. Lecture Notes in Computer Science, vol. 13801 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 342-359, Workshops held at the 17th European Conference on Computer Vision, ECCV 2022, Tel Aviv, Israel, 10/23/22. https://doi.org/10.1007/978-3-031-25056-9_23

Benchmarking Robustness Beyond l_p Norm Adversaries. / Agarwal, Akshay; Ratha, Nalini; Vatsa, Mayank et al.
Computer Vision - ECCV 2022 Workshops, Proceedings. ed. / Leonid Karlinsky; Tomer Michaeli; Ko Nishino. Springer Science and Business Media Deutschland GmbH, 2023. p. 342-359 (Lecture Notes in Computer Science; Vol. 13801 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Benchmarking Robustness Beyond lp Norm Adversaries

AU - Agarwal, Akshay

AU - Ratha, Nalini

AU - Vatsa, Mayank

AU - Singh, Richa

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.

PY - 2023

Y1 - 2023

N2 - Recently, a significant boom has been noticed in the generation of a variety of malicious examples ranging from adversarial perturbations to common noises to natural adversaries. These malicious examples are highly effective in fooling almost ‘any’ deep neural network. Therefore, to protect the integrity of deep networks, research efforts have been started in building the defense against these anomalies of the individual category. The prime reason for such individual handling of noises is the lack of one unique dataset which can be used to benchmark against multiple malicious examples and hence in turn can help in building a true ‘universal’ defense algorithm. This research work is an aid towards that goal that created a dataset termed “wide angle anomalies” containing 19 different malicious categories. On top of that, an extensive experimental evaluation has been performed on the proposed dataset using popular deep neural networks to detect these wide-angle anomalies. The experiments help in identifying a possible relationship between different anomalies and how easy or difficult to detect an anomaly if it is seen or unseen during training-testing. We assert that the experiments in seen and unseen category attack training-testing reveals several surprising and interesting outcomes including possible connection among adversaries. We believe it can help in building a universal defense algorithm.

AB - Recently, a significant boom has been noticed in the generation of a variety of malicious examples ranging from adversarial perturbations to common noises to natural adversaries. These malicious examples are highly effective in fooling almost ‘any’ deep neural network. Therefore, to protect the integrity of deep networks, research efforts have been started in building the defense against these anomalies of the individual category. The prime reason for such individual handling of noises is the lack of one unique dataset which can be used to benchmark against multiple malicious examples and hence in turn can help in building a true ‘universal’ defense algorithm. This research work is an aid towards that goal that created a dataset termed “wide angle anomalies” containing 19 different malicious categories. On top of that, an extensive experimental evaluation has been performed on the proposed dataset using popular deep neural networks to detect these wide-angle anomalies. The experiments help in identifying a possible relationship between different anomalies and how easy or difficult to detect an anomaly if it is seen or unseen during training-testing. We assert that the experiments in seen and unseen category attack training-testing reveals several surprising and interesting outcomes including possible connection among adversaries. We believe it can help in building a universal defense algorithm.

UR - https://www.scopus.com/pages/publications/105009492617

U2 - 10.1007/978-3-031-25056-9_23

DO - 10.1007/978-3-031-25056-9_23

M3 - Conference contribution

AN - SCOPUS:105009492617

SN - 9783031250552

T3 - Lecture Notes in Computer Science

SP - 342

EP - 359

BT - Computer Vision - ECCV 2022 Workshops, Proceedings

A2 - Karlinsky, Leonid

A2 - Michaeli, Tomer

A2 - Nishino, Ko

PB - Springer Science and Business Media Deutschland GmbH

T2 - Workshops held at the 17th European Conference on Computer Vision, ECCV 2022

Y2 - 23 October 2022 through 27 October 2022

ER -