Summary of Lotos: Layer-wise Orthogonalization For Training Robust Ensembles, by Ali Ebrahimpour-boroojeny et al.
LOTOS: Layer-wise Orthogonalization for Training Robust Ensembles
by Ali Ebrahimpour-Boroojeny, Hari Sundaram, Varun Chandrasekaran
First submitted to arxiv on: 7 Oct 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Machine Learning (stat.ML)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary The abstract discusses the transferability of adversarial examples, a property that affects all classification models, even those accessible through black-box queries. Prior work shows that an ensemble of models is more resilient to transferability, and most research focuses on improving ensemble diversity. Another line of prior work demonstrates that Lipschitz continuity can make models more robust by limiting output changes with small input perturbations. This paper investigates the effect of Lipschitz continuity on transferability rates and introduces LOTOS, a new training paradigm for ensembles that counteracts adverse effects. LOTOS promotes orthogonality among sub-spaces of transformations in affine layers to increase ensemble robustness. Theoretical analysis shows that the computational overhead is negligible, especially for convolutional layers. Experiments demonstrate that LOTOS increases the robust accuracy of ResNet-18 models by 6 percentage points against black-box attacks on CIFAR-10 and can combine with prior state-of-the-art methods to enhance robust accuracy by 10.7 percentage points. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper shows how different models work together to make predictions more accurate and difficult for hackers to manipulate. The researchers found that even if one model is not very good at predicting, an ensemble of many models can still be very effective. They also discovered that some techniques that help individual models resist attacks actually make the ensemble less resistant. To fix this problem, they developed a new way to train these ensembles called LOTOS. This method helps the different models work together better and makes it harder for hackers to find weaknesses in the system. |
Keywords
» Artificial intelligence » Classification » Resnet » Transferability
