Assessing Neural Network Robustness via Adversarial Pivotal Tuning

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Standard

Assessing Neural Network Robustness via Adversarial Pivotal Tuning. / Christensen, Peter Ebert; Snæbjarnarson, Vésteinn; Dittadi, Andrea; Belongie, Serge; Benaim, Sagie.

Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV). IEEE, 2024. p. 2952-2961.

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Harvard

Christensen, PE, Snæbjarnarson, V, Dittadi, A, Belongie, S & Benaim, S 2024, Assessing Neural Network Robustness via Adversarial Pivotal Tuning. in Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV). IEEE, pp. 2952-2961, WACV 2024 - IEEE/CVF Winter Conference on Applications of Computer Vision , Waikola, Hawaii, United States, 04/01/2024. <https://openaccess.thecvf.com/content/WACV2024/html/Christensen_Assessing_Neural_Network_Robustness_via_Adversarial_Pivotal_Tuning_WACV_2024_paper.html>

APA

Christensen, P. E., Snæbjarnarson, V., Dittadi, A., Belongie, S., & Benaim, S. (2024). Assessing Neural Network Robustness via Adversarial Pivotal Tuning. In Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV) (pp. 2952-2961). IEEE. https://openaccess.thecvf.com/content/WACV2024/html/Christensen_Assessing_Neural_Network_Robustness_via_Adversarial_Pivotal_Tuning_WACV_2024_paper.html

Vancouver

Christensen PE, Snæbjarnarson V, Dittadi A, Belongie S, Benaim S. Assessing Neural Network Robustness via Adversarial Pivotal Tuning. In Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV). IEEE. 2024. p. 2952-2961

Author

Christensen, Peter Ebert ; Snæbjarnarson, Vésteinn ; Dittadi, Andrea ; Belongie, Serge ; Benaim, Sagie. / Assessing Neural Network Robustness via Adversarial Pivotal Tuning. Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV). IEEE, 2024. pp. 2952-2961

Bibtex

@inproceedings{dd5924f4d91d4e919fb1a39347a01dc9,
title = "Assessing Neural Network Robustness via Adversarial Pivotal Tuning",
abstract = "The robustness of image classifiers is essential to their deployment in the real world. The ability to assess this resilience to manipulations or deviations from the training data is thus crucial. These modifications have traditionally consisted of minimal changes that still manage to fool classifiers, and modern approaches are increasingly robust to them. Semantic manipulations that modify elements of an image in meaningful ways have thus gained traction for this purpose. However, they have primarily been limited to style, color, or attribute changes. While expressive, these manipulations do not make use of the full capabilities of a pretrained generative model. In this work, we aim to bridge this gap. We show how a pretrained image generator can be used to semantically manipulate images in a detailed, diverse, and photorealistic way while still preserving the class of the original image. Inspired by recent GAN-based image inversion methods, we propose a method called Adversarial Pivotal Tuning (APT). Given an image, APT first finds a pivot latent space input that reconstructs the image using a pretrained generator. It then adjusts the generator's weights to create small yet semantic manipulations in order to fool a pretrained classifier. APT preserves the full expressive editing capabilities of the generative model. We demonstrate that APT is capable of a wide range of class-preserving semantic image manipulations that fool a variety of pretrained classifiers. Finally, we show that classifiers that are robust to other benchmarks are not robust to APT manipulations and suggest a method to improve them.",
author = "Christensen, {Peter Ebert} and V{\'e}steinn Sn{\ae}bjarnarson and Andrea Dittadi and Serge Belongie and Sagie Benaim",
year = "2024",
language = "English",
pages = "2952--2961",
booktitle = "Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV)",
publisher = "IEEE",
note = "WACV 2024 - IEEE/CVF Winter Conference on Applications of Computer Vision ; Conference date: 04-01-2024 Through 08-01-2024",

}

RIS

TY - GEN

T1 - Assessing Neural Network Robustness via Adversarial Pivotal Tuning

AU - Christensen, Peter Ebert

AU - Snæbjarnarson, Vésteinn

AU - Dittadi, Andrea

AU - Belongie, Serge

AU - Benaim, Sagie

PY - 2024

Y1 - 2024

N2 - The robustness of image classifiers is essential to their deployment in the real world. The ability to assess this resilience to manipulations or deviations from the training data is thus crucial. These modifications have traditionally consisted of minimal changes that still manage to fool classifiers, and modern approaches are increasingly robust to them. Semantic manipulations that modify elements of an image in meaningful ways have thus gained traction for this purpose. However, they have primarily been limited to style, color, or attribute changes. While expressive, these manipulations do not make use of the full capabilities of a pretrained generative model. In this work, we aim to bridge this gap. We show how a pretrained image generator can be used to semantically manipulate images in a detailed, diverse, and photorealistic way while still preserving the class of the original image. Inspired by recent GAN-based image inversion methods, we propose a method called Adversarial Pivotal Tuning (APT). Given an image, APT first finds a pivot latent space input that reconstructs the image using a pretrained generator. It then adjusts the generator's weights to create small yet semantic manipulations in order to fool a pretrained classifier. APT preserves the full expressive editing capabilities of the generative model. We demonstrate that APT is capable of a wide range of class-preserving semantic image manipulations that fool a variety of pretrained classifiers. Finally, we show that classifiers that are robust to other benchmarks are not robust to APT manipulations and suggest a method to improve them.

AB - The robustness of image classifiers is essential to their deployment in the real world. The ability to assess this resilience to manipulations or deviations from the training data is thus crucial. These modifications have traditionally consisted of minimal changes that still manage to fool classifiers, and modern approaches are increasingly robust to them. Semantic manipulations that modify elements of an image in meaningful ways have thus gained traction for this purpose. However, they have primarily been limited to style, color, or attribute changes. While expressive, these manipulations do not make use of the full capabilities of a pretrained generative model. In this work, we aim to bridge this gap. We show how a pretrained image generator can be used to semantically manipulate images in a detailed, diverse, and photorealistic way while still preserving the class of the original image. Inspired by recent GAN-based image inversion methods, we propose a method called Adversarial Pivotal Tuning (APT). Given an image, APT first finds a pivot latent space input that reconstructs the image using a pretrained generator. It then adjusts the generator's weights to create small yet semantic manipulations in order to fool a pretrained classifier. APT preserves the full expressive editing capabilities of the generative model. We demonstrate that APT is capable of a wide range of class-preserving semantic image manipulations that fool a variety of pretrained classifiers. Finally, we show that classifiers that are robust to other benchmarks are not robust to APT manipulations and suggest a method to improve them.

M3 - Article in proceedings

SP - 2952

EP - 2961

BT - Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV)

PB - IEEE

T2 - WACV 2024 - IEEE/CVF Winter Conference on Applications of Computer Vision

Y2 - 4 January 2024 through 8 January 2024

ER -

ID: 383746154