

Poster

Towards Evaluation of Adversarial Robustness and Privacy on Label Mapping Visual Prompting Models

Zhen Chen · Yi Zhang · Fu Wang · Xingyu Zhao · Xiaowei Huang · Wenjie Ruan

Thu 12 Dec 11 a.m. PST — 2 p.m. PST

Abstract:

Adversarial robustness and privacy of deep learning (DL) models have long been widely studied in AI security. Adversarial training (AT) is one of the most effective methods for improving the robustness of DL models against adversarial attacks. However, while AT-trained models demonstrate enhanced robustness, they become more susceptible to membership inference attacks (MIAs), which increases the risk of privacy leakage. This indicates a negative trade-off between adversarial robustness and privacy in general deep learning models. Visual prompting is a novel model reprogramming (MR) technique used for fine-tuning pre-trained models; it achieves good performance on vision tasks, especially when combined with the label mapping technique. However, the behaviour of label-mapping-based visual prompting (LM-VP) under adversarial attacks and MIAs has not yet been evaluated. In this work, we regard the MR of LM-VP as a unified entity, referred to as the LM-VP model, and take a step toward jointly evaluating the adversarial robustness and privacy of LM-VP models and of their combination with transferred AT. Experimental results show that LM-VP models trained with transferred AT can achieve a good trade-off between adversarial robustness and privacy.
