| dc.contributor.author | Wang, Z | |
| dc.contributor.author | Ruan, W | |
| dc.date.accessioned | 2022-07-06T09:33:11Z | |
| dc.date.issued | 2023-03-17 | |
| dc.date.updated | 2022-07-05T15:39:01Z | |
| dc.description.abstract | Recent research on the robustness of deep learning has shown that Vision Transformers (ViTs) surpass the Convolutional Neural Networks (CNNs) under some perturbations, e.g., natural corruption, adversarial attacks, etc. Some papers argue that the superior robustness of ViT comes from the segmentation of its input images; others say that the Multi-head Self-Attention (MSA) is the key to preserving the robustness. In this paper, we aim to introduce a principled and unified theoretical framework to investigate such an argument on ViT’s robustness. We first theoretically prove that, unlike Transformers in Natural Language Processing, ViTs are Lipschitz continuous. Then we theoretically analyze the adversarial robustness of ViTs from the perspective of the Cauchy Problem, via which we can quantify how the robustness propagates through layers. We demonstrate that the first and last layers are the critical factors to affect the robustness of ViTs. Furthermore, based on our theory, we empirically show that unlike the claims from existing research, MSA only contributes to the adversarial robustness of ViTs under weak adversarial attacks, e.g., FGSM, and surprisingly, MSA actually comprises the model’s adversarial robustness under stronger attacks, e.g., PGD attacks. | en_GB |
| dc.description.sponsorship | Engineering and Physical Sciences Research Council (EPSRC) | en_GB |
| dc.identifier.citation | In: Machine Learning and Knowledge Discovery in Databases; ECML PKDD 2022, edited by Massih-Reza Amini, Stéphane Canu, Asja Fischer, Tias Guns, Petra Kralj Novak, and Grigorios Tsoumakas, pp. 562–577. Lecture Notes in Computer Science Volume 13715 | en_GB |
| dc.identifier.doi | 10.1007/978-3-031-26409-2_34 | |
| dc.identifier.grantnumber | EP/R026173/1 | en_GB |
| dc.identifier.uri | http://hdl.handle.net/10871/130167 | |
| dc.language.iso | en | en_GB |
| dc.publisher | Springer | en_GB |
| dc.rights.embargoreason | Under embargo until 17 March 2024 in compliance with publisher policy | en_GB |
| dc.rights | © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG | |
| dc.subject | Adversarial Robustness | en_GB |
| dc.subject | Cauchy Problem | en_GB |
| dc.subject | Vision Transformer | en_GB |
| dc.title | Understanding Adversarial Robustness of Vision Transformers via Cauchy Problem | en_GB |
| dc.type | Conference paper | en_GB |
| dc.date.available | 2022-07-06T09:33:11Z | |
| exeter.location | Grenoble, France | |
| dc.description | This is the author accepted manuscript. The final version is available from Springer via the DOI in this record | en_GB |
| dc.description | ECML PKDD 2022: European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, Grenoble, France, 19 - 23 September 2022 | |
| dc.rights.uri | http://www.rioxx.net/licenses/all-rights-reserved | en_GB |
| dcterms.dateAccepted | 2022-06-14 | |
| rioxxterms.version | AM | en_GB |
| rioxxterms.licenseref.startdate | 2022-06-14 | |
| rioxxterms.type | Conference Paper/Proceeding/Abstract | en_GB |
| refterms.dateFCD | 2022-07-05T15:39:03Z | |
| refterms.versionFCD | AM | |
| refterms.dateFOA | 2024-03-17T00:00:00Z | |
| refterms.panel | B | en_GB |
| pubs.name-of-conference | European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases 2022 | |
