A Closer look at the Adversarial Robustness of Deep Networks for Visual Recognition
Date
2023-01-01
Department
Computer Science and Electrical Engineering
Program
Computer Science
Rights
This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.
Access limited to the UMBC community. Item may possibly be obtained via Interlibrary Loan through a local library, pending author/copyright holder's permission.
Abstract
Convolutional Neural Networks (CNNs) have been the catalyst for great progress over the years on computer vision tasks such as image classification, object detection, semantic segmentation, few-shot learning, etc. However, as these systems are deployed in real-world practical applications, it becomes important to understand their robustness properties so that we have a good understanding of their limitations. Adversarial examples, carefully constructed examples using network gradient information, are used for this purpose since they simulate the worst-case perturbation that can be encountered at inference time. In this regard, this thesis considers such perturbations under different settings to understand deep networks better.

Another line of research has been developing network interpretation tools that can provide insight into the decision-making process of neural networks. We first consider adversarial patches under the image classification setting and show that such interpretation tools can be fooled, bringing into question their reliability. We also consider the object detection task, showcasing that adversarial patches that have no overlap with objects in the scene can be constructed to fool the network. Such a study allows us to understand the impact of spatial context on object detection. We also show that a modified interpretation algorithm for object detection can be used to improve robustness significantly. Recent advances in network architectures in the form of vision transformers have been developed which rival the performance of CNNs whilst being easily scalable. We consider a study of such networks and show that they possess an intriguing property which enables us to identify patches developed for backdoor attacks. This again emphasizes the vulnerability of interpretation algorithms for CNNs while showing that transformer-based methods provide an alternative more suited to vision tasks. We lastly consider a few-shot learning paradigm where the goal is to generalize to novel classes with few examples. We find that a simple transfer-learning-based setting can be useful in improving robustness to adversarial examples, highlighting that robustness can be achieved in a limited-data setting as well. We hope that the findings from our research can enable the development of more robust architectures and methods that can withstand the distributional shifts occurring at inference, leading to trustworthy AI systems.