Improving Neural Network Robustness Through Neighborhood Preserving Layers

Bingyuan Liu; Christopher Malon; Lingzhou Xue; Erik Kruus

doi:10.1007/978-3-030-68780-9_17

Improving Neural Network Robustness Through Neighborhood Preserving Layers

Bingyuan Liu, Christopher Malon, Lingzhou Xue, Erik Kruus

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

One major source of vulnerability of neural nets in classification tasks is from overparameterized fully connected layers near the end of the network. In this paper, we propose a new neighborhood preserving layer which can replace these fully connected layers to improve the network robustness. Networks including these neighborhood preserving layers can be trained efficiently. We theoretically prove that our proposed layers are more robust against distortion because they effectively control the magnitude of gradients. Finally, we empirically show that networks with our proposed layers are more robust against state-of-the-art gradient descent based attacks, such as a PGD attack on the benchmark image classification datasets MNIST and CIFAR10.

Original language	English (US)
Title of host publication	Pattern Recognition. ICPR International Workshops and Challenges, 2021, Proceedings
Editors	Alberto Del Bimbo, Rita Cucchiara, Stan Sclaroff, Giovanni Maria Farinella, Tao Mei, Marco Bertini, Hugo Jair Escalante, Roberto Vezzani
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	179-195
Number of pages	17
ISBN (Print)	9783030687793
DOIs	https://doi.org/10.1007/978-3-030-68780-9_17
State	Published - 2021
Event	25th International Conference on Pattern Recognition Workshops, ICPR 2020 - Virtual, Online Duration: Jan 10 2021 → Jan 15 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12666 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	25th International Conference on Pattern Recognition Workshops, ICPR 2020
City	Virtual, Online
Period	1/10/21 → 1/15/21

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-030-68780-9_17

Cite this

Liu, B., Malon, C., Xue, L., & Kruus, E. (2021). Improving Neural Network Robustness Through Neighborhood Preserving Layers. In A. Del Bimbo, R. Cucchiara, S. Sclaroff, G. M. Farinella, T. Mei, M. Bertini, H. J. Escalante, & R. Vezzani (Eds.), Pattern Recognition. ICPR International Workshops and Challenges, 2021, Proceedings (pp. 179-195). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12666 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-68780-9_17

Liu, Bingyuan ; Malon, Christopher ; Xue, Lingzhou et al. / Improving Neural Network Robustness Through Neighborhood Preserving Layers. Pattern Recognition. ICPR International Workshops and Challenges, 2021, Proceedings. editor / Alberto Del Bimbo ; Rita Cucchiara ; Stan Sclaroff ; Giovanni Maria Farinella ; Tao Mei ; Marco Bertini ; Hugo Jair Escalante ; Roberto Vezzani. Springer Science and Business Media Deutschland GmbH, 2021. pp. 179-195 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d1c4fc9ff63942d9be429c47262f25fd,

title = "Improving Neural Network Robustness Through Neighborhood Preserving Layers",

abstract = "One major source of vulnerability of neural nets in classification tasks is from overparameterized fully connected layers near the end of the network. In this paper, we propose a new neighborhood preserving layer which can replace these fully connected layers to improve the network robustness. Networks including these neighborhood preserving layers can be trained efficiently. We theoretically prove that our proposed layers are more robust against distortion because they effectively control the magnitude of gradients. Finally, we empirically show that networks with our proposed layers are more robust against state-of-the-art gradient descent based attacks, such as a PGD attack on the benchmark image classification datasets MNIST and CIFAR10.",

author = "Bingyuan Liu and Christopher Malon and Lingzhou Xue and Erik Kruus",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 25th International Conference on Pattern Recognition Workshops, ICPR 2020 ; Conference date: 10-01-2021 Through 15-01-2021",

year = "2021",

doi = "10.1007/978-3-030-68780-9_17",

language = "English (US)",

isbn = "9783030687793",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "179--195",

editor = "{Del Bimbo}, Alberto and Rita Cucchiara and Stan Sclaroff and Farinella, {Giovanni Maria} and Tao Mei and Marco Bertini and Escalante, {Hugo Jair} and Roberto Vezzani",

booktitle = "Pattern Recognition. ICPR International Workshops and Challenges, 2021, Proceedings",

address = "Germany",

}

Liu, B, Malon, C, Xue, L & Kruus, E 2021, Improving Neural Network Robustness Through Neighborhood Preserving Layers. in A Del Bimbo, R Cucchiara, S Sclaroff, GM Farinella, T Mei, M Bertini, HJ Escalante & R Vezzani (eds), Pattern Recognition. ICPR International Workshops and Challenges, 2021, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12666 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 179-195, 25th International Conference on Pattern Recognition Workshops, ICPR 2020, Virtual, Online, 1/10/21. https://doi.org/10.1007/978-3-030-68780-9_17

Improving Neural Network Robustness Through Neighborhood Preserving Layers. / Liu, Bingyuan; Malon, Christopher; Xue, Lingzhou et al.
Pattern Recognition. ICPR International Workshops and Challenges, 2021, Proceedings. ed. / Alberto Del Bimbo; Rita Cucchiara; Stan Sclaroff; Giovanni Maria Farinella; Tao Mei; Marco Bertini; Hugo Jair Escalante; Roberto Vezzani. Springer Science and Business Media Deutschland GmbH, 2021. p. 179-195 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12666 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Improving Neural Network Robustness Through Neighborhood Preserving Layers

AU - Liu, Bingyuan

AU - Malon, Christopher

AU - Xue, Lingzhou

AU - Kruus, Erik

PY - 2021

Y1 - 2021

N2 - One major source of vulnerability of neural nets in classification tasks is from overparameterized fully connected layers near the end of the network. In this paper, we propose a new neighborhood preserving layer which can replace these fully connected layers to improve the network robustness. Networks including these neighborhood preserving layers can be trained efficiently. We theoretically prove that our proposed layers are more robust against distortion because they effectively control the magnitude of gradients. Finally, we empirically show that networks with our proposed layers are more robust against state-of-the-art gradient descent based attacks, such as a PGD attack on the benchmark image classification datasets MNIST and CIFAR10.

AB - One major source of vulnerability of neural nets in classification tasks is from overparameterized fully connected layers near the end of the network. In this paper, we propose a new neighborhood preserving layer which can replace these fully connected layers to improve the network robustness. Networks including these neighborhood preserving layers can be trained efficiently. We theoretically prove that our proposed layers are more robust against distortion because they effectively control the magnitude of gradients. Finally, we empirically show that networks with our proposed layers are more robust against state-of-the-art gradient descent based attacks, such as a PGD attack on the benchmark image classification datasets MNIST and CIFAR10.

UR - http://www.scopus.com/inward/record.url?scp=85103238965&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85103238965&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-68780-9_17

DO - 10.1007/978-3-030-68780-9_17

M3 - Conference contribution

AN - SCOPUS:85103238965

SN - 9783030687793

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 179

EP - 195

BT - Pattern Recognition. ICPR International Workshops and Challenges, 2021, Proceedings

A2 - Del Bimbo, Alberto

A2 - Cucchiara, Rita

A2 - Sclaroff, Stan

A2 - Farinella, Giovanni Maria

A2 - Mei, Tao

A2 - Bertini, Marco

A2 - Escalante, Hugo Jair

A2 - Vezzani, Roberto

PB - Springer Science and Business Media Deutschland GmbH

T2 - 25th International Conference on Pattern Recognition Workshops, ICPR 2020

Y2 - 10 January 2021 through 15 January 2021

ER -

Liu B, Malon C, Xue L, Kruus E. Improving Neural Network Robustness Through Neighborhood Preserving Layers. In Del Bimbo A, Cucchiara R, Sclaroff S, Farinella GM, Mei T, Bertini M, Escalante HJ, Vezzani R, editors, Pattern Recognition. ICPR International Workshops and Challenges, 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 179-195. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-68780-9_17

Improving Neural Network Robustness Through Neighborhood Preserving Layers

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this