Open-Set Adversarial Defense

Rui Shao; Pramuditha Perera; Pong Chi YUEN; Vishal M. Patel

doi:10.1007/978-3-030-58520-4_40

Open-Set Adversarial Defense

Rui Shao^*, Pramuditha Perera, Pong Chi YUEN, Vishal M. Patel

^*Corresponding author for this work

Department of Computer Science

Research output: Chapter in book/report/conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

Open-set recognition and adversarial defense study two key aspects of deep learning that are vital for real-world deployment. The objective of open-set recognition is to identify samples from open-set classes during testing, while adversarial defense aims to defend the network against images with imperceptible adversarial perturbations. In this paper, we show that open-set recognition systems are vulnerable to adversarial attacks. Furthermore, we show that adversarial defense mechanisms trained on known classes do not generalize well to open-set samples. Motivated by this observation, we emphasize the need of an Open-Set Adversarial Defense (OSAD) mechanism. This paper proposes an Open-Set Defense Network (OSDN) as a solution to the OSAD problem. The proposed network uses an encoder with feature-denoising layers coupled with a classifier to learn a noise-free latent feature representation. Two techniques are employed to obtain an informative latent feature space with the objective of improving open-set performance. First, a decoder is used to ensure that clean images can be reconstructed from the obtained latent features. Then, self-supervision is used to ensure that the latent features are informative enough to carry out an auxiliary task. We introduce a testing protocol to evaluate OSAD performance and show the effectiveness of the proposed method in multiple object classification datasets. The implementation code of the proposed method is available at: https://github.com/rshaojimmy/ECCV2020-OSAD.

Original language	English
Title of host publication	Computer Vision – ECCV 2020
Subtitle of host publication	16th European Conference, Glasgow, UK, August 23–28, 2020, Proceedings, Part XVII
Editors	Andrea Vedaldi, Horst Bischof, Thomas Brox, Jan-Michael Frahm
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	682-698
Number of pages	17
Edition	1st
ISBN (Electronic)	9783030585204
ISBN (Print)	9783030585198
DOIs	https://doi.org/10.1007/978-3-030-58520-4_40
Publication status	Published - 19 Nov 2020
Event	16th European Conference on Computer Vision, ECCV 2020 - Glasgow, United Kingdom Duration: 23 Aug 2020 → 28 Aug 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12362 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th European Conference on Computer Vision, ECCV 2020
Country/Territory	United Kingdom
City	Glasgow
Period	23/08/20 → 28/08/20

Scopus Subject Areas

Theoretical Computer Science
Computer Science(all)

User-Defined Keywords

Adversarial defense
Open-set recognition

Access to Document

10.1007/978-3-030-58520-4_40

Cite this

Shao, R., Perera, P., YUEN, P. C., & Patel, V. M. (2020). Open-Set Adversarial Defense. In A. Vedaldi, H. Bischof, T. Brox, & J-M. Frahm (Eds.), Computer Vision – ECCV 2020: 16th European Conference, Glasgow, UK, August 23–28, 2020, Proceedings, Part XVII (1st ed., pp. 682-698). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12362 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-58520-4_40

Shao, Rui ; Perera, Pramuditha ; YUEN, Pong Chi et al. / Open-Set Adversarial Defense. Computer Vision – ECCV 2020: 16th European Conference, Glasgow, UK, August 23–28, 2020, Proceedings, Part XVII. editor / Andrea Vedaldi ; Horst Bischof ; Thomas Brox ; Jan-Michael Frahm. 1st. ed. Springer Science and Business Media Deutschland GmbH, 2020. pp. 682-698 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b95602b42a9f4c3c8503db9e5d9743fb,

title = "Open-Set Adversarial Defense",

abstract = "Open-set recognition and adversarial defense study two key aspects of deep learning that are vital for real-world deployment. The objective of open-set recognition is to identify samples from open-set classes during testing, while adversarial defense aims to defend the network against images with imperceptible adversarial perturbations. In this paper, we show that open-set recognition systems are vulnerable to adversarial attacks. Furthermore, we show that adversarial defense mechanisms trained on known classes do not generalize well to open-set samples. Motivated by this observation, we emphasize the need of an Open-Set Adversarial Defense (OSAD) mechanism. This paper proposes an Open-Set Defense Network (OSDN) as a solution to the OSAD problem. The proposed network uses an encoder with feature-denoising layers coupled with a classifier to learn a noise-free latent feature representation. Two techniques are employed to obtain an informative latent feature space with the objective of improving open-set performance. First, a decoder is used to ensure that clean images can be reconstructed from the obtained latent features. Then, self-supervision is used to ensure that the latent features are informative enough to carry out an auxiliary task. We introduce a testing protocol to evaluate OSAD performance and show the effectiveness of the proposed method in multiple object classification datasets. The implementation code of the proposed method is available at: https://github.com/rshaojimmy/ECCV2020-OSAD.",

keywords = "Adversarial defense, Open-set recognition",

author = "Rui Shao and Pramuditha Perera and YUEN, {Pong Chi} and Patel, {Vishal M.}",

note = "Funding Information: Acknowledgments. This work is partially supported by Research Grants Council (RGC/HKBU12200518), Hong Kong. Vishal M. Patel was supported by the DARPA GARD Program HR001119S0026-GARD-FP-052.; 16th European Conference on Computer Vision, ECCV 2020 ; Conference date: 23-08-2020 Through 28-08-2020",

year = "2020",

month = nov,

day = "19",

doi = "10.1007/978-3-030-58520-4_40",

language = "English",

isbn = "9783030585198",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "682--698",

editor = "Andrea Vedaldi and Horst Bischof and Thomas Brox and Jan-Michael Frahm",

booktitle = "Computer Vision – ECCV 2020",

address = "Germany",

edition = "1st",

}

Shao, R, Perera, P, YUEN, PC & Patel, VM 2020, Open-Set Adversarial Defense. in A Vedaldi, H Bischof, T Brox & J-M Frahm (eds), Computer Vision – ECCV 2020: 16th European Conference, Glasgow, UK, August 23–28, 2020, Proceedings, Part XVII. 1st edn, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12362 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 682-698, 16th European Conference on Computer Vision, ECCV 2020, Glasgow, United Kingdom, 23/08/20. https://doi.org/10.1007/978-3-030-58520-4_40

Open-Set Adversarial Defense. / Shao, Rui; Perera, Pramuditha; YUEN, Pong Chi et al.

Computer Vision – ECCV 2020: 16th European Conference, Glasgow, UK, August 23–28, 2020, Proceedings, Part XVII. ed. / Andrea Vedaldi; Horst Bischof; Thomas Brox; Jan-Michael Frahm. 1st. ed. Springer Science and Business Media Deutschland GmbH, 2020. p. 682-698 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12362 LNCS).

Research output: Chapter in book/report/conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Open-Set Adversarial Defense

AU - Shao, Rui

AU - Perera, Pramuditha

AU - YUEN, Pong Chi

AU - Patel, Vishal M.

N1 - Funding Information: Acknowledgments. This work is partially supported by Research Grants Council (RGC/HKBU12200518), Hong Kong. Vishal M. Patel was supported by the DARPA GARD Program HR001119S0026-GARD-FP-052.

PY - 2020/11/19

Y1 - 2020/11/19

N2 - Open-set recognition and adversarial defense study two key aspects of deep learning that are vital for real-world deployment. The objective of open-set recognition is to identify samples from open-set classes during testing, while adversarial defense aims to defend the network against images with imperceptible adversarial perturbations. In this paper, we show that open-set recognition systems are vulnerable to adversarial attacks. Furthermore, we show that adversarial defense mechanisms trained on known classes do not generalize well to open-set samples. Motivated by this observation, we emphasize the need of an Open-Set Adversarial Defense (OSAD) mechanism. This paper proposes an Open-Set Defense Network (OSDN) as a solution to the OSAD problem. The proposed network uses an encoder with feature-denoising layers coupled with a classifier to learn a noise-free latent feature representation. Two techniques are employed to obtain an informative latent feature space with the objective of improving open-set performance. First, a decoder is used to ensure that clean images can be reconstructed from the obtained latent features. Then, self-supervision is used to ensure that the latent features are informative enough to carry out an auxiliary task. We introduce a testing protocol to evaluate OSAD performance and show the effectiveness of the proposed method in multiple object classification datasets. The implementation code of the proposed method is available at: https://github.com/rshaojimmy/ECCV2020-OSAD.

AB - Open-set recognition and adversarial defense study two key aspects of deep learning that are vital for real-world deployment. The objective of open-set recognition is to identify samples from open-set classes during testing, while adversarial defense aims to defend the network against images with imperceptible adversarial perturbations. In this paper, we show that open-set recognition systems are vulnerable to adversarial attacks. Furthermore, we show that adversarial defense mechanisms trained on known classes do not generalize well to open-set samples. Motivated by this observation, we emphasize the need of an Open-Set Adversarial Defense (OSAD) mechanism. This paper proposes an Open-Set Defense Network (OSDN) as a solution to the OSAD problem. The proposed network uses an encoder with feature-denoising layers coupled with a classifier to learn a noise-free latent feature representation. Two techniques are employed to obtain an informative latent feature space with the objective of improving open-set performance. First, a decoder is used to ensure that clean images can be reconstructed from the obtained latent features. Then, self-supervision is used to ensure that the latent features are informative enough to carry out an auxiliary task. We introduce a testing protocol to evaluate OSAD performance and show the effectiveness of the proposed method in multiple object classification datasets. The implementation code of the proposed method is available at: https://github.com/rshaojimmy/ECCV2020-OSAD.

KW - Adversarial defense

KW - Open-set recognition

UR - http://www.scopus.com/inward/record.url?scp=85097054219&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-58520-4_40

DO - 10.1007/978-3-030-58520-4_40

M3 - Conference contribution

AN - SCOPUS:85097054219

SN - 9783030585198

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 682

EP - 698

BT - Computer Vision – ECCV 2020

A2 - Vedaldi, Andrea

A2 - Bischof, Horst

A2 - Brox, Thomas

A2 - Frahm, Jan-Michael

PB - Springer Science and Business Media Deutschland GmbH

T2 - 16th European Conference on Computer Vision, ECCV 2020

Y2 - 23 August 2020 through 28 August 2020

ER -

Shao R, Perera P, YUEN PC, Patel VM. Open-Set Adversarial Defense. In Vedaldi A, Bischof H, Brox T, Frahm J-M, editors, Computer Vision – ECCV 2020: 16th European Conference, Glasgow, UK, August 23–28, 2020, Proceedings, Part XVII. 1st ed. Springer Science and Business Media Deutschland GmbH. 2020. p. 682-698. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-58520-4_40

Open-Set Adversarial Defense

Abstract

Publication series

Conference

Scopus Subject Areas

User-Defined Keywords

Access to Document

Other files and links

Fingerprint

Cite this