Abstract
Learning adversarially robust models requires invariant predictions to a small neighborhood of its natural inputs, often encountering insufficient model capacity. There is research showing that learning multiple sub-models in an ensemble could mitigate this insufficiency, further improving the generalization and the robustness. However, the ensemble's voting-based strategy excludes the possibility that the true predictions remain with the minority. Therefore, this paper further improves the ensemble through a collaboration scheme-Synergy-of-Experts (SoE). Compared with the voting-based strategy, the SoE enables the possibility of correct predictions even if there exists a single correct sub-model. In SoE, every sub-model fits its specific vulnerability area and reserves the rest of the sub-models to fit other vulnerability areas, which effectively optimizes the utilization of the model capacity. Empirical experiments verify that SoE outperforms various ensemble methods against white-box and transfer-based adversarial attacks. The source codes are available at https://github.com/cuis15/synergy-of-experts.
Original language | English |
---|---|
Title of host publication | NIPS '22: Proceedings of the 36th International Conference on Neural Information Processing Systems |
Editors | S. Koyejo, S. Mohamed, A. Agarwal, D. Belgrave, K. Cho, A. Oh |
Publisher | Neural information processing systems foundation |
Pages | 32552-32567 |
Number of pages | 16 |
ISBN (Print) | 9781713871088 |
Publication status | Published - 28 Nov 2022 |
Event | 36th Conference on Neural Information Processing Systems, NeurIPS 2022 - New Orleans Convention Center, New Orleans, United States Duration: 28 Nov 2022 → 9 Dec 2022 https://neurips.cc/Conferences/2022 https://openreview.net/group?id=NeurIPS.cc/2022/Conference https://proceedings.neurips.cc/paper_files/paper/2022 |
Publication series
Name | Advances in Neural Information Processing Systems |
---|---|
Volume | 35 |
ISSN (Print) | 1049-5258 |
Conference
Conference | 36th Conference on Neural Information Processing Systems, NeurIPS 2022 |
---|---|
Country/Territory | United States |
City | New Orleans |
Period | 28/11/22 → 9/12/22 |
Internet address |
Scopus Subject Areas
- Computer Networks and Communications
- Information Systems
- Signal Processing