Familiarity-Based Open-Set Recognition Under Adversarial Attacks

Philip Enevoldsen; Christian Gundersen; Nico Lang; Serge Belongie; Christian Igel

Familiarity-Based Open-Set Recognition Under Adversarial Attacks

Philip Enevoldsen, Christian Gundersen, Nico Lang, Serge Belongie, Christian Igel

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

Open-set recognition (OSR), the identification of novel categories, can be a critical component when deploying classification models in real-world applications. Recent work has shown that familiarity-based scoring rules such as the Maximum Softmax Probability (MSP) or the Maximum Logit Score (MLS) are strong baselines when the closed-set accuracy is high. However, one of the potential weaknesses of familiarity-based OSR are adversarial attacks. Here, we study gradient-based adversarial attacks on familiarity scores for both types of attacks, False Familiarity and False Novelty attacks, and evaluate their effectiveness in informed and uninformed settings on TinyImageNet. Furthermore, we explore how novel and familiar samples react to adversarial attacks and formulate the adversarial reaction score as an alternative OSR scoring rule, which shows a high correlation with the MLS familiarity score.

Original language	English
Title of host publication	Proceedings of the 6th Northern Lights Deep Learning Conference (NLDL)
Number of pages	8
Volume	265
Publisher	PMLR
Publication date	2025
Pages	58-65
Publication status	Published - 2025
Event	6th Northern Lights Deep Learning Conference, NLDL 2025 - Tromso, Norway Duration: 7 Jan 2025 → 9 Jan 2025

Conference

Conference	6th Northern Lights Deep Learning Conference, NLDL 2025
Country/Territory	Norway
City	Tromso
Period	07/01/2025 → 09/01/2025

Series	Proceedings of Machine Learning Research
Volume	265

Access to Document

FulltextFinal published version, 2.22 MBLicence: CC BY

https://proceedings.mlr.press/v265/enevoldsen25a.htmlLicence: CC BY

Cite this

Familiarity-Based Open-Set Recognition Under Adversarial Attacks. / Enevoldsen, Philip; Gundersen, Christian; Lang, Nico et al.
Proceedings of the 6th Northern Lights Deep Learning Conference (NLDL). Vol. 265 PMLR, 2025. p. 58-65 (Proceedings of Machine Learning Research, Vol. 265).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Enevoldsen, P, Gundersen, C, Lang, N , Belongie, S & Igel, C 2025, Familiarity-Based Open-Set Recognition Under Adversarial Attacks. in Proceedings of the 6th Northern Lights Deep Learning Conference (NLDL). vol. 265, PMLR, Proceedings of Machine Learning Research, vol. 265, pp. 58-65, 6th Northern Lights Deep Learning Conference, NLDL 2025, Tromso, Norway, 07/01/2025. <https://proceedings.mlr.press/v265/enevoldsen25a.html>

@inproceedings{db987e32f7e547698a0674b484e2aebd,

title = "Familiarity-Based Open-Set Recognition Under Adversarial Attacks",

abstract = "Open-set recognition (OSR), the identification of novel categories, can be a critical component when deploying classification models in real-world applications. Recent work has shown that familiarity-based scoring rules such as the Maximum Softmax Probability (MSP) or the Maximum Logit Score (MLS) are strong baselines when the closed-set accuracy is high. However, one of the potential weaknesses of familiarity-based OSR are adversarial attacks. Here, we study gradient-based adversarial attacks on familiarity scores for both types of attacks, False Familiarity and False Novelty attacks, and evaluate their effectiveness in informed and uninformed settings on TinyImageNet. Furthermore, we explore how novel and familiar samples react to adversarial attacks and formulate the adversarial reaction score as an alternative OSR scoring rule, which shows a high correlation with the MLS familiarity score.",

author = "Philip Enevoldsen and Christian Gundersen and Nico Lang and Serge Belongie and Christian Igel",

year = "2025",

language = "English",

volume = "265",

series = "Proceedings of Machine Learning Research",

pages = "58--65",

booktitle = "Proceedings of the 6th Northern Lights Deep Learning Conference (NLDL)",

publisher = "PMLR",

note = "6th Northern Lights Deep Learning Conference, NLDL 2025 ; Conference date: 07-01-2025 Through 09-01-2025",

}

TY - GEN

T1 - Familiarity-Based Open-Set Recognition Under Adversarial Attacks

AU - Enevoldsen, Philip

AU - Gundersen, Christian

AU - Lang, Nico

AU - Belongie, Serge

AU - Igel, Christian

PY - 2025

Y1 - 2025

N2 - Open-set recognition (OSR), the identification of novel categories, can be a critical component when deploying classification models in real-world applications. Recent work has shown that familiarity-based scoring rules such as the Maximum Softmax Probability (MSP) or the Maximum Logit Score (MLS) are strong baselines when the closed-set accuracy is high. However, one of the potential weaknesses of familiarity-based OSR are adversarial attacks. Here, we study gradient-based adversarial attacks on familiarity scores for both types of attacks, False Familiarity and False Novelty attacks, and evaluate their effectiveness in informed and uninformed settings on TinyImageNet. Furthermore, we explore how novel and familiar samples react to adversarial attacks and formulate the adversarial reaction score as an alternative OSR scoring rule, which shows a high correlation with the MLS familiarity score.

AB - Open-set recognition (OSR), the identification of novel categories, can be a critical component when deploying classification models in real-world applications. Recent work has shown that familiarity-based scoring rules such as the Maximum Softmax Probability (MSP) or the Maximum Logit Score (MLS) are strong baselines when the closed-set accuracy is high. However, one of the potential weaknesses of familiarity-based OSR are adversarial attacks. Here, we study gradient-based adversarial attacks on familiarity scores for both types of attacks, False Familiarity and False Novelty attacks, and evaluate their effectiveness in informed and uninformed settings on TinyImageNet. Furthermore, we explore how novel and familiar samples react to adversarial attacks and formulate the adversarial reaction score as an alternative OSR scoring rule, which shows a high correlation with the MLS familiarity score.

M3 - Article in proceedings

VL - 265

T3 - Proceedings of Machine Learning Research

SP - 58

EP - 65

BT - Proceedings of the 6th Northern Lights Deep Learning Conference (NLDL)

PB - PMLR

T2 - 6th Northern Lights Deep Learning Conference, NLDL 2025

Y2 - 7 January 2025 through 9 January 2025

ER -