Corpus ID: 235458161

Adversarial Visual Robustness by Causal Intervention

@article{Tang2021AdversarialVR,
  title={Adversarial Visual Robustness by Causal Intervention},
  author={Kaihua Tang and Ming Tao and Hanwang Zhang},
  journal={ArXiv},
  year={2021},
  volume={abs/2106.09534}
}
Adversarial training is the de facto most promising defense against adversarial examples. Yet, its passive nature inevitably prevents it from being immune to unknown attackers. To achieve a proactive defense, we need a more fundamental understanding of adversarial examples, beyond the popular bounded threat model. In this paper, we provide a causal viewpoint of adversarial vulnerability: the cause is the confounder ubiquitously existing in learning, where attackers are precisely exploiting the… 
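
For orientation, the intervention machinery invoked here is standard causal inference: if a confounder s influences both the image x and the label y, the interventional distribution is given by Pearl's backdoor adjustment (general background, not this paper's specific estimator):

\[ p(y \mid \mathrm{do}(x)) = \sum_{s} p(y \mid x, s)\, p(s) \]

By contrast, the observational \( p(y \mid x) = \sum_{s} p(y \mid x, s)\, p(s \mid x) \) depends on \( p(s \mid x) \), and that spurious x–s association is precisely what an attacker can manipulate.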

CausalAdv: Adversarial Robustness through the Lens of Causality

This work proposes the Causal-inspired Adversarial distribution alignment method, CausalAdv, to eliminate the difference between natural and adversarial distributions by accounting for spurious correlations, and is the first attempt to use causality to understand and mitigate adversarial vulnerability.

Causal Information Bottleneck Boosts Adversarial Robustness of Deep Neural Network

This paper incorporates causal inference into the information bottleneck (IB) framework to overcome the limits on further improving adversarial robustness, and analyzes the effectiveness of the proposed method.

Certified Robustness Against Natural Language Attacks by Causal Intervention

Causal Intervention by Semantic Smoothing (CISS), a novel framework for robustness against natural language attacks, learns the causal effect p(y|do(x)) by smoothing in the latent semantic space to make robust predictions; it scales to deep architectures and avoids tedious construction of noise customized for specific attacks.
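
As a rough sketch of the smoothing idea (notation ours, simplified from the paper's construction): with an encoder g mapping a sentence x to a latent semantic vector, a smoothed classifier averages predictions over Gaussian noise in that latent space,

\[ \hat{p}(y \mid \mathrm{do}(x)) \approx \mathbb{E}_{\epsilon \sim \mathcal{N}(0, \sigma^{2} I)} \big[ f(y \mid g(x) + \epsilon) \big] \]

in the spirit of randomized smoothing (Cohen et al., 2019) but applied to latent semantics rather than raw inputs, which is what lets the certificate avoid attack-specific noise design.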

Weakly-Supervised Video Object Grounding via Causal Intervention

This work presents a unified causal framework that learns the deconfounded object-relevant association by causal intervention, from the perspective of the video data generation process, and proposes a novel spatial-temporal adversarial contrastive learning paradigm for more accurate and robust video object grounding.

Causal Reasoning Meets Visual Representation Learning: A Prospective Study

This paper conducts a comprehensive review of existing causal reasoning methods for visual representation learning, covering fundamental theories, models, and datasets, and outlines prospective challenges, opportunities, and future research directions for benchmarking causal reasoning algorithms in visual representation learning.

EliMRec: Eliminating Single-modal Bias in Multimedia Recommendation

EliMRec is proposed, a generic and modality-agnostic framework for eliminating single-modal bias in multimedia recommendation; it enhances the bias-capture ability of a general multimedia recommendation framework and imagines several counterfactual worlds in which one modality varies while the others are held fixed or blank.

Causal Reasoning with Spatial-temporal Representation Learning: A Prospective Study

This paper conducts a comprehensive review of existing causal reasoning methods for spatial-temporal representation learning, covering fundamental theories, models, and datasets, and outlines the primary challenges, opportunities, and future research directions for benchmarking causal reasoning algorithms in spatial-temporal representation learning.

Causal Intervention Improves Implicit Sentiment Analysis

This work proposes a CausaL intervention model for implicit sEntiment ANalysis using instrumental variables (CLEAN), which introduces an instrumental variable to eliminate confounding causal effects and thus extract the pure causal effect between the sentence and the sentiment.

References

Showing 1-10 of 106 references

Adversarial Robustness through the Lens of Causality

This work constructs a causal graph to model the generation process of adversarial examples, defines the adversarial distribution to formalize the intuition of adversarial attacks, and can be seen as the first attempt to leverage causality for mitigating adversarial vulnerability.

Mitigating adversarial effects through randomization

This paper proposes to utilize randomization at inference time to mitigate adversarial effects, and uses two randomization operations: random resizing, which resizes the input images to a random size, and random padding, which pads zeros around the input image in a random manner.
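
A minimal PyTorch sketch of the two operations, using the Inception-v3 sizes reported in that paper (299 input, 331 after padding); the helper name and interpolation mode are our assumptions:

    import torch
    import torch.nn.functional as F

    def random_resize_pad(x, base_size=299, final_size=331):
        """Randomly resize a (N, C, 299, 299) batch, then zero-pad to 331x331."""
        # Random resizing: pick a side length in [base_size, final_size).
        new_size = int(torch.randint(base_size, final_size, (1,)))
        x = F.interpolate(x, size=(new_size, new_size), mode="nearest")
        # Random padding: split the remaining pixels randomly among the four sides.
        slack = final_size - new_size
        left = int(torch.randint(0, slack + 1, (1,)))
        top = int(torch.randint(0, slack + 1, (1,)))
        return F.pad(x, (left, slack - left, top, slack - top), value=0.0)

    # Inference-time use: logits = model(random_resize_pad(images))

Because both draws are resampled on every forward pass, a gradient-based attacker cannot align its perturbation with the exact transformation the model will apply.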

Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations

This paper breaks state-of-the-art adversarially-trained and certifiably-robust models by generating small perturbations that the models are (provably) robust to, yet that change an input's class according to human labelers.

Towards Deep Learning Models Resistant to Adversarial Attacks

This work studies the adversarial robustness of neural networks through the lens of robust optimization, and suggests the notion of security against a first-order adversary as a natural and broad security guarantee.
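
Concretely, the robust-optimization lens in this paper is the saddle-point objective

\[ \min_{\theta} \; \mathbb{E}_{(x, y) \sim \mathcal{D}} \Big[ \max_{\|\delta\|_{\infty} \le \epsilon} L\big(f_{\theta}(x + \delta), y\big) \Big] \]

with the inner maximization approximated by projected gradient descent (PGD), which is what motivates the "first-order adversary" security notion.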

The Limitations of Adversarial Training and the Blind-Spot Attack

It is shown that the effectiveness of adversarial training correlates strongly with the distance between a test point and the manifold of training data embedded by the network, and that blind spots also exist in provable defenses, including those of Wong & Kolter (2018) and Sinha et al. (2018).

Adversarial Risk and the Dangers of Evaluating Against Weak Attacks

This paper motivates the use of adversarial risk as an objective, although it cannot easily be computed exactly, and frames commonly used attacks and evaluation metrics as defining a tractable surrogate objective for the true adversarial risk.

Adversarial Attacks on Neural Network Policies

This work shows existing adversarial example crafting techniques can be used to significantly degrade test-time performance of trained policies, even with small adversarial perturbations that do not interfere with human perception.

Ensemble Adversarial Training: Attacks and Defenses

This work finds that adversarial training remains vulnerable to black-box attacks, in which perturbations computed on undefended models are transferred, as well as to a powerful novel single-step attack that escapes the non-smooth vicinity of the input data via a small random step.
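
The single-step attack alluded to is, as best we can reconstruct it here, R+FGSM: a small random step followed by an FGSM step from the displaced point,

\[ x' = x + \alpha \,\mathrm{sign}(\eta), \quad \eta \sim \mathcal{N}(0, I), \qquad x^{\mathrm{adv}} = x' + (\epsilon - \alpha)\,\mathrm{sign}\big(\nabla_{x'} L(f(x'), y)\big) \]

with \( \alpha < \epsilon \); the random step escapes the sharply curved loss surface that single-step adversarial training creates immediately around training points.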

PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples

Adversarial perturbations of normal images are usually imperceptible to humans, but they can seriously confuse state-of-the-art machine learning models. What makes them so special in the eyes of image classifiers?

Provable defenses against adversarial examples via the convex outer adversarial polytope

A method to learn deep ReLU-based classifiers that are provably robust against norm-bounded adversarial perturbations is presented; the dual of the underlying linear program can itself be represented as a deep network similar to the backpropagation network, leading to very efficient optimization approaches that produce guaranteed bounds on the robust loss.
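
In outline (notation ours): the adversarial polytope is the set of network outputs reachable under the perturbation budget,

\[ \mathcal{Z}_{\epsilon}(x) = \big\{ f_{\theta}(x + \delta) : \|\delta\|_{\infty} \le \epsilon \big\} \]

which is non-convex for ReLU networks; training instead uses a convex outer set \( \tilde{\mathcal{Z}}_{\epsilon}(x) \supseteq \mathcal{Z}_{\epsilon}(x) \), so that minimizing \( \max_{z \in \tilde{\mathcal{Z}}_{\epsilon}(x)} L(z, y) \) provably upper-bounds the true worst-case loss.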
...