Enhanced Regularizers for Attributional Robustness

Authors

  • Anindya Sarkar Indian Institute of Technology, Hyderabad
  • Anirban Sarkar Indian Institute of Technology, Hyderabad
  • Vineeth N Balasubramanian Indian Institute of Technology, Hyderabad

DOI:

https://doi.org/10.1609/aaai.v35i3.16355

Keywords:

Adversarial Attacks & Robustness

Abstract

Deep neural networks are the default choice of learning models for computer vision tasks. Extensive work has been carried out in recent years on explaining deep models for vision tasks such as classification. However, recent work has shown that it is possible for these models to produce substantially different attribution maps even when two very similar images are given to the network, raising serious questions about trustworthiness. To address this issue, we propose a robust attribution training strategy to improve attributional robustness of deep neural networks. Our method carefully analyzes the requirements for attributional robustness and introduces two new regularizers that preserve a model's attribution map during attacks. Our method surpasses state-of-the-art attributional robustness methods by a margin of approximately 3% to 9% in terms of attribution robustness measures on several datasets including MNIST, FMNIST, Flower and GTSRB.
AAAI-21 Proceedings Cover

Downloads

Published

2021-05-18

How to Cite

Sarkar, A., Sarkar, A., & N Balasubramanian, V. (2021). Enhanced Regularizers for Attributional Robustness. Proceedings of the AAAI Conference on Artificial Intelligence, 35(3), 2532-2540. https://doi.org/10.1609/aaai.v35i3.16355

Issue

Vol. 35 No. 3: AAAI-21 Technical Tracks 3

Section

AAAI Technical Track on Computer Vision II