Escaping Adversarial Attacks with Egyptian Mirrors

Olga Saukh

doi:10.1145/3615593.3615724

Escaping Adversarial Attacks with Egyptian Mirrors

Olga Saukh^*

^*Corresponding author for this work

Institute of Technical Informatics (4480)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Adversarial robustness received significant attention over the past years, due to its critical practical role. Complementary to the existing literature on adversarial training, we explore weight-space ensembles of independently trained models. We propose a defense against adversarial examples which takes advantage of the latest empirical findings on linear mode connectivity of overparameterized models modulo permutation invariance. Egyptian Mirrors defense escapes adversarial attacks by moving along linear paths between pair-wise aligned functionally diverse models, while frequently and arbitrary changing ensembling direction. We evaluate the proposed defense using adversarial examples generated by FGSM and PGD attacks and show improvements up to 8% and 33% test accuracy on 2-layer MLP and VGG11 architectures trained on GTSRB and CIFAR10 datasets respectively.

Original language	English
Title of host publication	ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023
Publisher	Association for Computing Machinery (ACM)
Pages	131-136
Number of pages	6
ISBN (Electronic)	9798400703447
DOIs	https://doi.org/10.1145/3615593.3615724
Publication status	Published - 12 Mar 2024
Event	2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023, Collocated with ACM MobiCom 2023 - Madrid, Spain Duration: 2 Oct 2023 → 2 Oct 2023

Publication series

Name	ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023

Conference

Conference	2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023, Collocated with ACM MobiCom 2023
Country/Territory	Spain
City	Madrid
Period	2/10/23 → 2/10/23

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Safety, Risk, Reliability and Quality

Fields of Expertise

Information, Communication & Computing

Access to Document

10.1145/3615593.3615724Licence: CC BY 4.0

3615593.3615724Final published version, 809 KBLicence: CC BY 4.0

Cite this

Saukh, O. (2024). Escaping Adversarial Attacks with Egyptian Mirrors. In ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023 (pp. 131-136). (ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023). Association for Computing Machinery (ACM). https://doi.org/10.1145/3615593.3615724

Escaping Adversarial Attacks with Egyptian Mirrors. / Saukh, Olga.
ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023. Association for Computing Machinery (ACM), 2024. p. 131-136 (ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Saukh, O 2024, Escaping Adversarial Attacks with Egyptian Mirrors. in ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023. ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023, Association for Computing Machinery (ACM), pp. 131-136, 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023, Collocated with ACM MobiCom 2023, Madrid, Spain, 2/10/23. https://doi.org/10.1145/3615593.3615724

Saukh O. Escaping Adversarial Attacks with Egyptian Mirrors. In ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023. Association for Computing Machinery (ACM). 2024. p. 131-136. (ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023). Epub 2023 Oct 6. doi: 10.1145/3615593.3615724

Saukh, Olga. / Escaping Adversarial Attacks with Egyptian Mirrors. ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023. Association for Computing Machinery (ACM), 2024. pp. 131-136 (ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023).

@inproceedings{ea4982d40225493ca094686e1d055e18,

title = "Escaping Adversarial Attacks with Egyptian Mirrors",

abstract = "Adversarial robustness received significant attention over the past years, due to its critical practical role. Complementary to the existing literature on adversarial training, we explore weight-space ensembles of independently trained models. We propose a defense against adversarial examples which takes advantage of the latest empirical findings on linear mode connectivity of overparameterized models modulo permutation invariance. Egyptian Mirrors defense escapes adversarial attacks by moving along linear paths between pair-wise aligned functionally diverse models, while frequently and arbitrary changing ensembling direction. We evaluate the proposed defense using adversarial examples generated by FGSM and PGD attacks and show improvements up to 8\% and 33\% test accuracy on 2-layer MLP and VGG11 architectures trained on GTSRB and CIFAR10 datasets respectively.",

author = "Olga Saukh",

note = "Publisher Copyright: {\textcopyright} 2023 Owner/Author.; 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023, Collocated with ACM MobiCom 2023 ; Conference date: 02-10-2023 Through 02-10-2023",

year = "2024",

month = mar,

day = "12",

doi = "10.1145/3615593.3615724",

language = "English",

series = "ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023",

publisher = "Association for Computing Machinery (ACM)",

pages = "131--136",

booktitle = "ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023",

address = "United States",

}

TY - GEN

T1 - Escaping Adversarial Attacks with Egyptian Mirrors

AU - Saukh, Olga

PY - 2024/3/12

Y1 - 2024/3/12

N2 - Adversarial robustness received significant attention over the past years, due to its critical practical role. Complementary to the existing literature on adversarial training, we explore weight-space ensembles of independently trained models. We propose a defense against adversarial examples which takes advantage of the latest empirical findings on linear mode connectivity of overparameterized models modulo permutation invariance. Egyptian Mirrors defense escapes adversarial attacks by moving along linear paths between pair-wise aligned functionally diverse models, while frequently and arbitrary changing ensembling direction. We evaluate the proposed defense using adversarial examples generated by FGSM and PGD attacks and show improvements up to 8% and 33% test accuracy on 2-layer MLP and VGG11 architectures trained on GTSRB and CIFAR10 datasets respectively.

AB - Adversarial robustness received significant attention over the past years, due to its critical practical role. Complementary to the existing literature on adversarial training, we explore weight-space ensembles of independently trained models. We propose a defense against adversarial examples which takes advantage of the latest empirical findings on linear mode connectivity of overparameterized models modulo permutation invariance. Egyptian Mirrors defense escapes adversarial attacks by moving along linear paths between pair-wise aligned functionally diverse models, while frequently and arbitrary changing ensembling direction. We evaluate the proposed defense using adversarial examples generated by FGSM and PGD attacks and show improvements up to 8% and 33% test accuracy on 2-layer MLP and VGG11 architectures trained on GTSRB and CIFAR10 datasets respectively.

UR - https://www.scopus.com/pages/publications/85188815307

U2 - 10.1145/3615593.3615724

DO - 10.1145/3615593.3615724

M3 - Conference paper

AN - SCOPUS:85188815307

T3 - ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023

SP - 131

EP - 136

BT - ACM MobiCom 2023 - Proceedings of the 2023 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023

PB - Association for Computing Machinery (ACM)

T2 - 2nd ACM Workshop on Data Privacy and Federated Learning Technologies for Mobile Edge Network, FedEdge 2023, Collocated with ACM MobiCom 2023

Y2 - 2 October 2023 through 2 October 2023

ER -

Escaping Adversarial Attacks with Egyptian Mirrors

Abstract

Publication series

Conference

ASJC Scopus subject areas

Fields of Expertise

Access to Document

Other files and links

Fingerprint

Cite this