Papers
Topics
Authors
Recent
Search
2000 character limit reached

PUMA: margin-based data pruning

Published 10 May 2024 in cs.LG | (2405.06298v1)

Abstract: Deep learning has been able to outperform humans in terms of classification accuracy in many tasks. However, to achieve robustness to adversarial perturbations, the best methodologies require to perform adversarial training on a much larger training set that has been typically augmented using generative models (e.g., diffusion models). Our main objective in this work, is to reduce these data requirements while achieving the same or better accuracy-robustness trade-offs. We focus on data pruning, where some training samples are removed based on the distance to the model classification boundary (i.e., margin). We find that the existing approaches that prune samples with low margin fails to increase robustness when we add a lot of synthetic data, and explain this situation with a perceptron learning task. Moreover, we find that pruning high margin samples for better accuracy increases the harmful impact of mislabeled perturbed data in adversarial training, hurting both robustness and accuracy. We thus propose PUMA, a new data pruning strategy that computes the margin using DeepFool, and prunes the training samples of highest margin without hurting performance by jointly adjusting the training attack norm on the samples of lowest margin. We show that PUMA can be used on top of the current state-of-the-art methodology in robustness, and it is able to significantly improve the model performance unlike the existing data pruning strategies. Not only PUMA achieves similar robustness with less data, but it also significantly increases the model accuracy, improving the performance trade-off.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (30)
  1. Statistical Mechanics of Complex Neural Systems and High Dimensional Data. Journal of Statistical Mechanics: Theory and Experiment, 2013(03):P03014, 2013.
  2. Instance Adaptive Adversarial Training: Improved Accuracy Tradeoffs In Neural Nets. CoRR, abs/1910.08051, 2019.
  3. Margin Based Active Learning. In COLT, volume 4539 of Lecture Notes in Computer Science, pp.  35–50, 2007.
  4. YOLOv4: Optimal Speed and Accuracy of Object Detection. CoRR, abs/2004.10934, 2020.
  5. Towards Evaluating the Robustness of Neural Networks. In IEEE Symposium on Security and Privacy, pp.  39–57, 2017.
  6. CAT: Customized Adversarial Training for Improved Robustness. In IJCAI, pp.  673–679, 2022.
  7. Data Profiling for Adversarial Training: On the Ruin of Problematic Data. CoRR, abs/2102.07437, 2021.
  8. Adversarial Active Learning for Deep Networks: a Margin Based Approach. CoRR, abs/1802.09841, 2018.
  9. Engel, A. Statistical Mechanics of Learning. Cambridge University Press, 2001.
  10. Gardner, E. The Space of Interactions in Neural Network Models. Journal of physics A: Mathematical and general, 21(1):257, 1988.
  11. Explaining and Harnessing Adversarial Examples. In ICLR, 2015.
  12. Elucidating the Design Space of Diffusion-based Generative Models. In NeurIPS, 2022.
  13. ImageNet Classification with Deep Convolutional Neural Networks. In NeurIPS, pp.  1106–1114, 2012.
  14. Adversarial Examples in the Physical World. In 5th International Conference on Learning Representations, ICLR 2017, Toulon, France, April 24-26, 2017, Workshop Track Proceedings. OpenReview.net, 2017. URL https://openreview.net/forum?id=HJGU3Rodl.
  15. On the Impact of Hard Adversarial Instances on Overfitting in Adversarial Training. CoRR, abs/2112.07324, 2021.
  16. DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks. In CVPR, pp.  2574–2582, 2016.
  17. Deep Learning on a Data Diet: Finding Important Examples Early in Training. In NeurIPS, pp.  20596–20607, 2021.
  18. Fixing Data Augmentation to Improve Adversarial Robustness. CoRR, abs/2103.01946, 2021.
  19. Overfitting in Adversarially Robust Deep Learning. In ICML, volume 119 of Proceedings of Machine Learning Research, pp.  8093–8104, 2020.
  20. ImageNet-21K Pretraining for the Masses. In Vanschoren, J. and Yeung, S. (eds.), Proceedings of the Neural Information Processing Systems Track on Datasets and Benchmarks 1, NeurIPS Datasets and Benchmarks 2021, December 2021, virtual, 2021. URL https://datasets-benchmarks-proceedings.neurips.cc/paper/2021/hash/98f13708210194c475687be6106a3b84-Abstract-round1.html.
  21. Scheffer, T. Active Learning of Partially Hidden Markov Models. In Proceedings of the ECML/PKDD Workshop on Instance Selection, 2001.
  22. Statistical Mechanics of Learning From Examples. Physical review A, 45(8):6056, 1992.
  23. Beyond Neural Scaling Laws: Beating Power Law Scaling via Data Pruning. In NeurIPS, 2022.
  24. Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations. In ICML, volume 119 of Proceedings of Machine Learning Research, pp.  9561–9571, 2020.
  25. Robustness May Be at Odds with Accuracy. In ICLR, 2019.
  26. On the Convergence and Robustness of Adversarial Training. In ICML, volume 97 of Proceedings of Machine Learning Research, pp.  6586–6595, 2019.
  27. Better Diffusion Models Further Improve Adversarial Training. In ICML, volume 202 of Proceedings of Machine Learning Research, pp.  36246–36263, 2023.
  28. Adversarial Examples Improve Image Recognition. In CVPR, pp.  816–825, 2020.
  29. Adversarially Robust Estimate and Risk Analysis in Linear Regression. In AISTATS, volume 130 of Proceedings of Machine Learning Research, pp.  514–522, 2021.
  30. Why Do Artificially Generated Data Help Adversarial Robustness. In NeurIPS, 2022.
Citations (1)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Paper to Video (Beta)

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Authors (2)

  1. Javier Maroto 
  2. Pascal Frossard 

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up