Paper ID: 2311.05006

Familiarity-Based Open-Set Recognition Under Adversarial Attacks

Philip Enevoldsen, Christian Gundersen, Nico Lang, Serge Belongie, Christian Igel

Open-set recognition (OSR), the identification of novel categories, can be a critical component when deploying classification models in real-world applications. Recent work has shown that familiarity-based scoring rules such as the Maximum Softmax Probability (MSP) or the Maximum Logit Score (MLS) are strong baselines when the closed-set accuracy is high. However, one of the potential weaknesses of familiarity-based OSR are adversarial attacks. Here, we present gradient-based adversarial attacks on familiarity scores for both types of attacks, False Familiarity and False Novelty attacks, and evaluate their effectiveness in informed and uninformed settings on TinyImageNet.

Submitted: Nov 8, 2023

Topics

Adversarial Attack
Open Set Recognition
Familiarity Based

Links

arXiv PDF