这项工作总结了2022年2022年国际生物识别联合会议(IJCB 2022)的IJCB被遮挡的面部识别竞赛(IJCB-OCFR-2022)。OCFR-2022从学术界吸引了总共3支参与的团队。最终,提交了六个有效的意见书,然后由组织者评估。在严重的面部阻塞面前,举行了竞争是为了应对面部识别的挑战。参与者可以自由使用任何培训数据,并且通过使用众所周知的数据集构成面部图像的部分来构建测试数据。提交的解决方案提出了创新,并以所考虑的基线表现出色。这项竞争的主要输出是具有挑战性,现实,多样化且公开可用的遮挡面部识别基准,并具有明确的评估协议。
translated by 谷歌翻译
Adversarial training has been empirically shown to be more prone to overfitting than standard training. The exact underlying reasons still need to be fully understood. In this paper, we identify one cause of overfitting related to current practices of generating adversarial samples from misclassified samples. To address this, we propose an alternative approach that leverages the misclassified samples to mitigate the overfitting problem. We show that our approach achieves better generalization while having comparable robustness to state-of-the-art adversarial training methods on a wide range of computer vision, natural language processing, and tabular tasks.
translated by 谷歌翻译
Adversarial training is widely acknowledged as the most effective defense against adversarial attacks. However, it is also well established that achieving both robustness and generalization in adversarially trained models involves a trade-off. The goal of this work is to provide an in depth comparison of different approaches for adversarial training in language models. Specifically, we study the effect of pre-training data augmentation as well as training time input perturbations vs. embedding space perturbations on the robustness and generalization of BERT-like language models. Our findings suggest that better robustness can be achieved by pre-training data augmentation or by training with input space perturbation. However, training with embedding space perturbation significantly improves generalization. A linguistic correlation analysis of neurons of the learned models reveal that the improved generalization is due to `more specialized' neurons. To the best of our knowledge, this is the first work to carry out a deep qualitative analysis of different methods of generating adversarial examples in adversarial training of language models.
translated by 谷歌翻译
联合学习(FL)为培训机器学习模型打开了新的观点,同时将个人数据保存在用户场所上。具体而言,在FL中,在用户设备上训练了模型,并且仅将模型更新(即梯度)发送到中央服务器以进行聚合目的。但是,近年来发表的一系列推理攻击泄漏了私人数据,这强调了需要设计有效的保护机制来激励FL的大规模采用。尽管存在缓解服务器端的这些攻击的解决方案,但几乎没有采取任何措施来保护用户免受客户端执行的攻击。在这种情况下,在客户端使用受信任的执行环境(TEE)是最建议的解决方案之一。但是,现有的框架(例如,Darknetz)需要静态地将机器学习模型的很大一部分放入T恤中,以有效防止复杂的攻击或攻击组合。我们提出了GradSec,该解决方案允许在静态或动态上仅在机器学习模型的TEE上进行保护,因此将TCB的大小和整体训练时间降低了30%和56%,相比之下 - 艺术竞争者。
translated by 谷歌翻译