Title: Exploring Adversarial Attacks and Defenses in Vision Transformers trained with DINO

Abstract: This work conducts the first analysis on the robustness against adversarial attacks on self-supervised Vision Transformers trained using DINO. First, we evaluate whether features learned through self-supervision are more robust to adversarial attacks than those emerging from supervised learning. Then, we present properties arising for attacks in the latent space. Finally, we evaluate whether three well-known defense strategies can increase adversarial robustness in downstream tasks by only fine-tuning the classification head to provide robustness even in view of limited compute resources. These defense strategies are: Adversarial Training, Ensemble Adversarial Training and Ensemble of Specialized Networks.
Comments: ICML 2022 Workshop paper accepted at AdvML Frontiers
Subjects: Computer Vision and Pattern Recognition (cs.CV); Artificial Intelligence (cs.AI)
Cite as: arXiv:2206.06761 [cs.CV]
  (or arXiv:2206.06761v4 [cs.CV] for this version)

Submission history

From: Javier Rando
[v1] Tue, 14 Jun 2022 11:20:16 GMT (10491kb,D)
[v2] Thu, 23 Jun 2022 12:21:19 GMT (2717kb,D)
[v3] Wed, 13 Jul 2022 14:24:17 GMT (2718kb,D)
[v4] Thu, 8 Sep 2022 07:10:17 GMT (2718kb,D)
