M.S. Theses
Browsing M.S. Theses by Subject "Adversarial robustness."
Adversarial robustness and generalization
Thesis (M.S.) - Bogazici University, Institute for Graduate Studies in Science and Engineering, 2023.
Serbes, Duygu; Baytaş, İnci Meliha.

In light of recent discoveries regarding adversarial attacks, the necessity for robust models in deep learning has become increasingly critical. Adversarial training is considered one of the most effective approaches to defending against such attacks. However, a key challenge of this approach is the trade-off between adversarial robustness and generalization. The generalizability of robust models in adversarial training is affected by the diversity of perturbations, as the models can overfit if they only learn a limited attack pattern. Although stronger attacks can enhance robustness, their use may cause performance drops when classifying natural images. This thesis investigates the factors that affect the success of adversarial training and proposes solutions to mitigate some of these factors by utilizing new attack augmentation and generation methods. In that regard, we propose an adversarial training method that enhances adversarial directions by augmenting them from a one-step attack. The proposed framework is inspired by feature scattering adversarial training and generates a principal adversarial direction based on the distance of the inter-sample relationships in a perturbed mini-batch. The principal direction is augmented by sampling new adversarial directions in a 45-degree region around it. The proposed method does not require more backpropagation steps than feature scattering. Experimental results on popular benchmark datasets indicate that the method consistently improves adversarial robustness without sacrificing natural accuracy. Furthermore, in this thesis, we propose integrating generalization-boosting techniques, namely mixup and shift invariance, into the adversarial training framework. The proposed techniques aim to improve the data representations and robustness of models through convex data augmentation and by making the models invariant to small shifts. The effectiveness of our proposals is evaluated under white-box attacks on benchmark datasets.