Metrics
6 readers on Mendeley
Journal article
Reducing classifier overconfidence against adversaries through graph algorithms
Machine learning, Vol.112(7), pp.2619-2651
07/01/2023
Web of Science ID: WOS:000952042800001
Metrics
5 Record Views
Abstract
In this work we show that deep learning classifiers tend to become overconfident in their answers under adversarial attacks, even when the classifier is optimized to survive such attacks. Our work draws upon stochastic geometry and graph algorithms to propose a general framework to replace the last fully connected layer and softmax output. This framework (a) can be applied to any classifier and (b) significantly reduces the classifier's overconfidence in its output without much of an impact on its accuracy when compared to original adversarially-trained classifiers. Its relative effectiveness increases as the attacker becomes more powerful. Our use of graph algorithms in adversarial learning is new and of independent interest. Finally, we show the advantages of this last-layer softmax replacement over image tasks under common adversarial attacks.
Related links
Details
- Title
- Reducing classifier overconfidence against adversaries through graph algorithms
- Publication Details
- Machine learning, Vol.112(7), pp.2619-2651
- Resource Type
- Journal article
- Publisher
- Springer Nature
- Number of pages
- 33
- Grant note
- IIS-1943364; CCF1918483 / National Science Foundation (NSF) W911NF-09-2-0053 / ARO, under the U.S. Army Research Laboratory
- Copyright
- © 2023, The Author(s), under exclusive licence to Springer Science Business Media LLC, part of Springer Nature
- Identifiers
- WOS:000952042800001; 99381512043106600
- Academic Unit
- Intelligent Systems and Robotics; Hal Marcus College of Science and Engineering
- Language
- English