Familiarity-Based Open-Set Recognition Under Adversarial Attacks

Philip Enevoldsen∗, Christian Gundersen, Nico Lang, Serge Belongie, Christian Igel

Research output: Working paperPreprint

4 Downloads (Pure)

Abstract

Open-set recognition (OSR), the identification of novel categories, can be a critical component when deploying classification models in real-world applications. Recent work has shown that familiarity-based scoring rules such as the Maximum Softmax Probability (MSP) or the Maximum Logit Score (MLS) are strong baselines when the closed-set accuracy is high. However, one of the potential weaknesses of familiarity-based OSR are adversarial attacks. Here, we present gradient-based adversarial attacks on familiarity scores for both types of attacks, False Familiarity and False Novelty attacks, and evaluate their effectiveness in informed and uninformed settings on TinyImageNet.
Original languageEnglish
PublisherarXiv.org
Number of pages5
Publication statusPublished - 2023

Cite this