Synergy-of-Experts: Collaborate to Improve Adversarial Robustness

Sen Cui; Jingfeng Zhang; Jian Liang; Bo Han; Masashi Sugiyama; Changshui Zhang

Synergy-of-Experts: Collaborate to Improve Adversarial Robustness

Sen Cui, Jingfeng Zhang, Jian Liang, Bo Han, Masashi Sugiyama, Changshui Zhang

Department of Computer Science

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

5 Citations (Scopus)

Abstract

Learning adversarially robust models requires invariant predictions to a small neighborhood of its natural inputs, often encountering insufficient model capacity. There is research showing that learning multiple sub-models in an ensemble could mitigate this insufficiency, further improving the generalization and the robustness. However, the ensemble's voting-based strategy excludes the possibility that the true predictions remain with the minority. Therefore, this paper further improves the ensemble through a collaboration scheme-Synergy-of-Experts (SoE). Compared with the voting-based strategy, the SoE enables the possibility of correct predictions even if there exists a single correct sub-model. In SoE, every sub-model fits its specific vulnerability area and reserves the rest of the sub-models to fit other vulnerability areas, which effectively optimizes the utilization of the model capacity. Empirical experiments verify that SoE outperforms various ensemble methods against white-box and transfer-based adversarial attacks. The source codes are available at https://github.com/cuis15/synergy-of-experts.

Original language	English
Title of host publication	NIPS '22: Proceedings of the 36th International Conference on Neural Information Processing Systems
Editors	S. Koyejo, S. Mohamed, A. Agarwal, D. Belgrave, K. Cho, A. Oh
Publisher	Neural Information Processing Systems Foundation
Pages	32552-32567
Number of pages	16
ISBN (Print)	9781713871088
Publication status	Published - 28 Nov 2022
Event	36th Conference on Neural Information Processing Systems, NeurIPS 2022 - New Orleans Convention Center, New Orleans, United States Duration: 28 Nov 2022 → 9 Dec 2022 https://neurips.cc/Conferences/2022 (Conference Website) https://openreview.net/group?id=NeurIPS.cc/2022/Conference (Conference Proceedings) https://proceedings.neurips.cc/paper_files/paper/2022 (Conference Proceedings)

Publication series

Name	Advances in Neural Information Processing Systems
Volume	35
ISSN (Print)	1049-5258

Conference

Conference	36th Conference on Neural Information Processing Systems, NeurIPS 2022
Country/Territory	United States
City	New Orleans
Period	28/11/22 → 9/12/22
Internet address	https://neurips.cc/Conferences/2022 (Conference Website) https://openreview.net/group?id=NeurIPS.cc/2022/Conference (Conference Proceedings) https://proceedings.neurips.cc/paper_files/paper/2022 (Conference Proceedings)

Access to Document

Cite this

Cui, S., Zhang, J., Liang, J., Han, B., Sugiyama, M., & Zhang, C. (2022). Synergy-of-Experts: Collaborate to Improve Adversarial Robustness. In S. Koyejo, S. Mohamed, A. Agarwal, D. Belgrave, K. Cho, & A. Oh (Eds.), NIPS '22: Proceedings of the 36th International Conference on Neural Information Processing Systems (pp. 32552-32567). Article 2359 (Advances in Neural Information Processing Systems; Vol. 35). Neural Information Processing Systems Foundation. https://proceedings.neurips.cc/paper_files/paper/2022/file/d16152d53088ad779ffa634e7bf66166-Paper-Conference.pdf

Cui, Sen ; Zhang, Jingfeng ; Liang, Jian et al. / Synergy-of-Experts : Collaborate to Improve Adversarial Robustness. NIPS '22: Proceedings of the 36th International Conference on Neural Information Processing Systems. editor / S. Koyejo ; S. Mohamed ; A. Agarwal ; D. Belgrave ; K. Cho ; A. Oh. Neural Information Processing Systems Foundation, 2022. pp. 32552-32567 (Advances in Neural Information Processing Systems).

@inproceedings{d2c37ba09ff8471fae4e7b89fd86a882,

title = "Synergy-of-Experts: Collaborate to Improve Adversarial Robustness",

abstract = "Learning adversarially robust models requires invariant predictions to a small neighborhood of its natural inputs, often encountering insufficient model capacity. There is research showing that learning multiple sub-models in an ensemble could mitigate this insufficiency, further improving the generalization and the robustness. However, the ensemble's voting-based strategy excludes the possibility that the true predictions remain with the minority. Therefore, this paper further improves the ensemble through a collaboration scheme-Synergy-of-Experts (SoE). Compared with the voting-based strategy, the SoE enables the possibility of correct predictions even if there exists a single correct sub-model. In SoE, every sub-model fits its specific vulnerability area and reserves the rest of the sub-models to fit other vulnerability areas, which effectively optimizes the utilization of the model capacity. Empirical experiments verify that SoE outperforms various ensemble methods against white-box and transfer-based adversarial attacks. The source codes are available at https://github.com/cuis15/synergy-of-experts.",

author = "Sen Cui and Jingfeng Zhang and Jian Liang and Bo Han and Masashi Sugiyama and Changshui Zhang",

note = "Funding Information: We would like to thank the anonymous reviewers of NeurIPS 2022 for their constructive comments. Sen Cui and Changshui Zhang would like to acknowledge the funding by the Natural Science Fundation of China (NSFC. No. 62176132). Bo Han was supported by the RGC ECS No. 22200720, NSFC YSF No. 62006202, Guangdong Basic and Applied Basic Research Foundation No. 2022A1515011652, and RIKEN Collaborative Research Fund. Jingfeng Zhang was supported by JST ACT-X Grant Number JPMJAX21AF and JSPS KAKENHI Grant Number 22K17955, Japan. Masashi Sugiyama was supported by JST AIP Acceleration Research Grant Number JPMJCR20U3 and the Institute for AI and Beyond, UTokyo, Japan. Publisher Copyright: {\textcopyright} 2022 Neural information processing systems foundation. All rights reserved.; 36th Conference on Neural Information Processing Systems, NeurIPS 2022 ; Conference date: 28-11-2022 Through 09-12-2022",

year = "2022",

month = nov,

day = "28",

language = "English",

isbn = "9781713871088",

series = "Advances in Neural Information Processing Systems",

publisher = "Neural Information Processing Systems Foundation",

pages = "32552--32567",

editor = "S. Koyejo and S. Mohamed and A. Agarwal and D. Belgrave and K. Cho and A. Oh",

booktitle = "NIPS '22: Proceedings of the 36th International Conference on Neural Information Processing Systems",

address = "United States",

url = "https://neurips.cc/Conferences/2022, https://openreview.net/group?id=NeurIPS.cc/2022/Conference, https://proceedings.neurips.cc/paper_files/paper/2022",

}

Cui, S, Zhang, J, Liang, J, Han, B, Sugiyama, M & Zhang, C 2022, Synergy-of-Experts: Collaborate to Improve Adversarial Robustness. in S Koyejo, S Mohamed, A Agarwal, D Belgrave, K Cho & A Oh (eds), NIPS '22: Proceedings of the 36th International Conference on Neural Information Processing Systems., 2359, Advances in Neural Information Processing Systems, vol. 35, Neural Information Processing Systems Foundation, pp. 32552-32567, 36th Conference on Neural Information Processing Systems, NeurIPS 2022, New Orleans, Louisiana, United States, 28/11/22. <https://proceedings.neurips.cc/paper_files/paper/2022/file/d16152d53088ad779ffa634e7bf66166-Paper-Conference.pdf>

Synergy-of-Experts: Collaborate to Improve Adversarial Robustness. / Cui, Sen; Zhang, Jingfeng; Liang, Jian et al.
NIPS '22: Proceedings of the 36th International Conference on Neural Information Processing Systems. ed. / S. Koyejo; S. Mohamed; A. Agarwal; D. Belgrave; K. Cho; A. Oh. Neural Information Processing Systems Foundation, 2022. p. 32552-32567 2359 (Advances in Neural Information Processing Systems; Vol. 35).

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

TY - GEN

T1 - Synergy-of-Experts

T2 - 36th Conference on Neural Information Processing Systems, NeurIPS 2022

AU - Cui, Sen

AU - Zhang, Jingfeng

AU - Liang, Jian

AU - Han, Bo

AU - Sugiyama, Masashi

AU - Zhang, Changshui

N1 - Funding Information: We would like to thank the anonymous reviewers of NeurIPS 2022 for their constructive comments. Sen Cui and Changshui Zhang would like to acknowledge the funding by the Natural Science Fundation of China (NSFC. No. 62176132). Bo Han was supported by the RGC ECS No. 22200720, NSFC YSF No. 62006202, Guangdong Basic and Applied Basic Research Foundation No. 2022A1515011652, and RIKEN Collaborative Research Fund. Jingfeng Zhang was supported by JST ACT-X Grant Number JPMJAX21AF and JSPS KAKENHI Grant Number 22K17955, Japan. Masashi Sugiyama was supported by JST AIP Acceleration Research Grant Number JPMJCR20U3 and the Institute for AI and Beyond, UTokyo, Japan. Publisher Copyright: © 2022 Neural information processing systems foundation. All rights reserved.

PY - 2022/11/28

Y1 - 2022/11/28

N2 - Learning adversarially robust models requires invariant predictions to a small neighborhood of its natural inputs, often encountering insufficient model capacity. There is research showing that learning multiple sub-models in an ensemble could mitigate this insufficiency, further improving the generalization and the robustness. However, the ensemble's voting-based strategy excludes the possibility that the true predictions remain with the minority. Therefore, this paper further improves the ensemble through a collaboration scheme-Synergy-of-Experts (SoE). Compared with the voting-based strategy, the SoE enables the possibility of correct predictions even if there exists a single correct sub-model. In SoE, every sub-model fits its specific vulnerability area and reserves the rest of the sub-models to fit other vulnerability areas, which effectively optimizes the utilization of the model capacity. Empirical experiments verify that SoE outperforms various ensemble methods against white-box and transfer-based adversarial attacks. The source codes are available at https://github.com/cuis15/synergy-of-experts.

AB - Learning adversarially robust models requires invariant predictions to a small neighborhood of its natural inputs, often encountering insufficient model capacity. There is research showing that learning multiple sub-models in an ensemble could mitigate this insufficiency, further improving the generalization and the robustness. However, the ensemble's voting-based strategy excludes the possibility that the true predictions remain with the minority. Therefore, this paper further improves the ensemble through a collaboration scheme-Synergy-of-Experts (SoE). Compared with the voting-based strategy, the SoE enables the possibility of correct predictions even if there exists a single correct sub-model. In SoE, every sub-model fits its specific vulnerability area and reserves the rest of the sub-models to fit other vulnerability areas, which effectively optimizes the utilization of the model capacity. Empirical experiments verify that SoE outperforms various ensemble methods against white-box and transfer-based adversarial attacks. The source codes are available at https://github.com/cuis15/synergy-of-experts.

UR - http://www.scopus.com/inward/record.url?scp=85163195823&partnerID=8YFLogxK

UR - https://proceedings.neurips.cc/paper_files/paper/2022/hash/d16152d53088ad779ffa634e7bf66166-Abstract-Conference.html

M3 - Conference proceeding

AN - SCOPUS:85163195823

SN - 9781713871088

T3 - Advances in Neural Information Processing Systems

SP - 32552

EP - 32567

BT - NIPS '22: Proceedings of the 36th International Conference on Neural Information Processing Systems

A2 - Koyejo, S.

A2 - Mohamed, S.

A2 - Agarwal, A.

A2 - Belgrave, D.

A2 - Cho, K.

A2 - Oh, A.

PB - Neural Information Processing Systems Foundation

Y2 - 28 November 2022 through 9 December 2022

ER -

Cui S, Zhang J, Liang J, Han B, Sugiyama M, Zhang C. Synergy-of-Experts: Collaborate to Improve Adversarial Robustness. In Koyejo S, Mohamed S, Agarwal A, Belgrave D, Cho K, Oh A, editors, NIPS '22: Proceedings of the 36th International Conference on Neural Information Processing Systems. Neural Information Processing Systems Foundation. 2022. p. 32552-32567. 2359. (Advances in Neural Information Processing Systems).

Synergy-of-Experts: Collaborate to Improve Adversarial Robustness

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this