Search Papers | Poster Sessions | All Posters
Poster A66 in Poster Session A - Tuesday, August 6, 2024, 4:15 – 6:15 pm, Johnson Ice Rink
Pixel-Based Similarities as Alternative to Neural Data in CNN Regularization Against Adversarial Attacks
Elie Attias1, Cengiz Pehlevan1, Dina Obeid1; 1Harvard John A. Paulson School Of Engineering And Applied Sciences
Convolutional Neural Networks (CNNs) excel in many visual tasks but are highly sensitive to slight input perturbations that are imperceptible to the human eye, often resulting in task failures. Recent studies indicate that training CNNs with regularizers that promote brain-like representations, using neural recordings, can improve model robustness. However, the requirement to collect neural data restricts the utility of these methods. Is it possible to develop regularizers that mimic the computational function of neural regularizers without the need for direct neural recordings, thereby expanding the usability and effectiveness of these techniques? In this work, we inspect a neural regularizer introduced in Li et al. (2019) to extract its underlying strength. This regularizer uses neural representational similarities, which we find also correlate with pixel similarities. Motivated by this finding, we introduce a new regularizer that retains the essence of the original but is computed using only image pixel similarities, eliminating the need for neural recordings. We show that our regularizer significantly advances model robustness for a wide range of black box attacks. Our work opens the door to explore how biologically motivated loss functions can be used to drive the performance of artificial neural networks using a method accessible to the broader machine learning community.
Keywords: Neuroscience Machine Learning CNN Adversarial Attacks