Robust Learning with Adversarial Perturbations and Label Noise: A Two-Pronged Defense Approach

Despite their great success, deep learning methods are vulnerable to noise in the training dataset, including adversarial perturbations and annotation noise. These harmful factors significantly influence the learning process of deep models, leading to less confident models. However, existing methods have not yet studied this practical and challenging issue. In this paper, we propose a novel robust learning method, Two-Pronged Defense (TPD), which is capable of eliminating the negative effects of both data perturbations and label noise during the learning process. On the one hand, to defend against delusive adversarial examples, the proposed method uses an asymmetric adversarial contrastive learning strategy to craft worst-case noisy examples for the original training data, and trains the model to align the semantics of the perturbed data and the original data. In this way, TPD is able to improve the generalization ability of the model on potential adversarial examples. On the other hand, to combat noisy labels, TPD applies semi-supervised learning, identifying and discarding noisy labels via a newly designed identification method. Extensive experiments on benchmarks demonstrate the incapability of existing methods and the effectiveness of the proposed method when facing both data and label noise. This work is the very first attempt at learning with both data and label noise, and we hope it can pave the way for future studies in related fields.
