Adversarial robustness and generalization
| dc.contributor | Graduate program in Computer Engineering. | |
| dc.contributor.advisor | Baytaş, İnci Meliha. | |
| dc.contributor.author | Serbes, Duygu. | |
| dc.date.accessioned | 2025-04-14T12:09:51Z | |
| dc.date.available | 2025-04-14T12:09:51Z | |
| dc.date.issued | 2023 | |
| dc.description.abstract | In light of recent discoveries regarding adversarial attacks, the necessity for robust models in deep learning has become increasingly critical. Adversarial training is considered one of the most effective approaches to defending against such attacks. However, a key challenge of it is the trade-off between adversarial robustness and generalization. The generalizability of robust models in adversarial training is affected by the diversity of perturbations, as they can overfit if the model only learns a limited attack pattern. Although stronger attacks can enhance robustness, their use may cause performance drops when classifying natural images. This thesis investigates the factors that affect the success of adversarial training and proposes solutions to mitigate some of these factors by utilizing new attack augmentation and generation methods. In that regard, we propose an adversarial training method that enhances adversarial directions by augmenting them from a one-step attack. The proposed framework is inspired by the feature scattering adversarial training and generates a principal adversarial direction based on the distance of the inter-sample relationships in a perturbed mini-batch. The principal direction is augmented by sampling new adversarial directions in a 45-degree region from it. The proposed method does not necessitate additional backpropagation steps than feature scattering. Experimental results on popular benchmark datasets indicate that the method consistently improves adversarial robustness without sacrificing natural accuracy. Furthermore, in this thesis, we propose integrating generalization-boosting techniques, namely mixup and shiftinvariance, into the adversarial training framework. The proposed techniques aim to improve the data representations and robustness of models through convex data augmentation and by making the models invariant to small shifts. The effectiveness of our proposals is evaluated under white-box attacks on benchmark datasets. | |
| dc.format.pages | xv, 68 leaves | |
| dc.identifier.other | Graduate program in Computer Engineering. TKL 2023 U68 PhD (Thes ED 2023 P35 | |
| dc.identifier.uri | https://digitalarchive.library.bogazici.edu.tr/handle/123456789/21497 | |
| dc.publisher | Thesis (M.S.) - Bogazici University. Institute for Graduate Studies in Science and Engineering, 2023. | |
| dc.subject.lcsh | Deep learning (Machine learning) | |
| dc.subject.lcsh | Robust optimization. | |
| dc.subject.lcsh | Adversarial robustness. | |
| dc.title | Adversarial robustness and generalization |
Files
Original bundle
1 - 1 of 1