Using Reed-Muller codes for classification with rejection and recovery

Conference item

Abstract:: When deploying classifiers in the real world, users expect them to respond to inputs appropriately. However, traditional classifiers are not equipped to handle inputs which lie far from the distribution they were trained on. Malicious actors can exploit this defect by making adversarial perturbations designed to cause the classifier to give an incorrect output. Classification-with-rejection methods attempt to solve this problem by allowing networks to refuse to classify an input in which they have low confidence. This works well for strongly adversarial examples, but also leads to the rejection of weakly perturbed images, which intuitively could be correctly classified. To address these issues, we propose Reed-Muller Aggregation Networks (RMAggNet), a classifier inspired by Reed-Muller error-correction codes which can correct and reject inputs. This paper shows that RMAggNet can minimise incorrectness while maintaining good correctness over multiple adversarial attacks at different perturbation budgets by leveraging the ability to correct errors in the classification process. This provides an alternative classification-with-rejection method which can reduce the amount of additional processing in situations where a small number of incorrect classifications are permissible.

Files:: Fentham_et_al_2024_Using_Reed-Muller_codes.pdf

(Preview, Accepted manuscript, pdf, 449.2KB, Terms of use)

Publisher:: Springer
Host title:: Foundations and Practice of Security. FPS 2023
Pages:: 36–52
Series:: Lecture Notes in Computer Science
Series number:: 14551
Publication date:: 2024-04-25
Acceptance date:: 2023-11-10
Event title:: 16th International Symposium on Foundations & Practice of Security
Event location:: Bordeaux Institute of Technologies, Bordeaux, France
Event website:: https://www.fps-2023.com/
Event start date:: 2023-12-11
Event end date:: 2023-12-13
DOI:: 10.1007/978-3-031-57537-2
EISSN:: 1958-9395
ISSN:: 0003-4347
EISBN:: 978-3-031-57537-2
ISBN:: 978-3-031-57536-5

Language:: English
Keywords:: ML security

deep neural networks

error-correction codes

classification with-rejection

adversarial examples
Pubs id:: 1598601
Local pid:: pubs:1598601
Deposit date:: 2024-01-12

Copyright holder:: Fentham et al.
Notes:: This is the accepted manuscript version of the paper. The final version is available online from Springer at https://dx.doi.org/10.1007/978-3-031-57537-2

Licence:: Terms and Conditions of Use for Oxford University Research Archive

If you are the owner of this record, you can report an update to it here: Report update to this record