Abstract
Open-set recognition (OSR), the identification of novel categories, can be a critical component when deploying classification models in real-world applications. Recent work has shown that familiarity-based scoring rules such as the Maximum Softmax Probability (MSP) or the Maximum Logit Score (MLS) are strong baselines when the closed-set accuracy is high. However, one of the potential weaknesses of familiarity-based OSR are adversarial attacks. Here, we study gradient-based adversarial attacks on familiarity scores for both types of attacks, False Familiarity and False Novelty attacks, and evaluate their effectiveness in informed and uninformed settings on TinyImageNet. Furthermore, we explore how novel and familiar samples react to adversarial attacks and formulate the adversarial reaction score as an alternative OSR scoring rule, which shows a high correlation with the MLS familiarity score.
| Originalsprog | Engelsk |
|---|---|
| Tidsskrift | Proceedings of Machine Learning Research |
| Vol/bind | 265 |
| Sider (fra-til) | 58-65 |
| ISSN | 2640-3498 |
| Status | Udgivet - 2025 |
| Begivenhed | 6th Northern Lights Deep Learning Conference, NLDL 2025 - Tromso, Norge Varighed: 7 jan. 2025 → 9 jan. 2025 |
Konference
| Konference | 6th Northern Lights Deep Learning Conference, NLDL 2025 |
|---|---|
| Land/Område | Norge |
| By | Tromso |
| Periode | 07/01/2025 → 09/01/2025 |
Bibliografisk note
Funding Information:P.E. and C.G. acknowledge support by the Danish Data Science Academy (DDSA). This work was supported in part by the Pioneer Centre for AI, DNRF grant number P1, and the European Union project ELIAS (grant agreement number 101120237).
Publisher Copyright:
© NLDL 2025.All rights reserved.