TopKConv: Increased Adversarial Robustness Through Deeper Interpretability

Henry Eigen, Amir Sadovnik

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

1 Scopus citations

Abstract

Vulnerability to adversarial inputs remains an issue for deep neural networks. Attackers can slightly modify inputs in order to cause adverse behavior in otherwise highly accurate networks. In addition to making these networks less secure for real-world applications, this also emphasizes a misalignment between the features the network uses to make decisions and the ones humans use. In this work we propose that more interpretable networks should yield more robust ones, since they are able to rely on features that are more understandable to humans. More specifically, we take inspiration from interpretability-based approaches to adversarial robustness and propose a sparsity-based defense to counter the impact of overparameterization on adversarial vulnerability. Building on the work of the Dynamic-K algorithm, which introduces dynamic routing to fully connected layers in order to encourage sparse, interpretable predictions, we propose TopKConv, a novel method of reducing the number of activation channels used to construct each convolutional feature map. The incorporation of TopKConv alongside Dynamic-K results in a significant increase in adversarial accuracy at no cost to benign accuracy. Further, this is achieved with no fine-tuning or adversarial training.

Original language: English
Title of host publication: Proceedings - 20th IEEE International Conference on Machine Learning and Applications, ICMLA 2021
Editors: M. Arif Wani, Ishwar K. Sethi, Weisong Shi, Guangzhi Qu, Daniela Stan Raicu, Ruoming Jin
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 15-22
Number of pages: 8
ISBN (Electronic): 9781665443371
State: Published - 2021
Externally published: Yes
Event: 20th IEEE International Conference on Machine Learning and Applications, ICMLA 2021 - Virtual, Online, United States
Duration: Dec 13 2021 to Dec 16 2021

Publication series

Name: Proceedings - 20th IEEE International Conference on Machine Learning and Applications, ICMLA 2021

Conference

Conference: 20th IEEE International Conference on Machine Learning and Applications, ICMLA 2021
Country/Territory: United States
City: Virtual, Online
Period: 12/13/21 to 12/16/21

Keywords

  • Adversarial defense
  • Dynamic routing
  • Sparse training
