Adversarial robustness of deep neural networks has been actively investigated. However, most existing defense approaches are limited to a specific type of adversarial perturbations. Specifically, they often fail to offer resistance to multiple attack types simultaneously, i.e., they lack multi-perturbation robustness. In this talk, I will present our proposed method, which is one of the first defense strategies against multiple types of adversarial videos for video recognition. The proposed method, referred to as MultiBN, performs adversarial training on multiple adversarial video types using multiple independent batch normalization (BN) layers with a learning-based BN selection module. Compared to existing adversarial training approaches, the proposed MultiBN exhibits stronger multi-perturbation robustness against different and even unforeseen adversarial video types, ranging from Lp-bounded attacks and physically realizable attacks.

Shao-Yuan Lo is a Ph.D. student in the Department of Electrical and Computer Engineering at Johns Hopkins University. He was an Applied Scientist Intern at Amazon in summer 2021. His research focuses on adversarial machine learning, domain adaptation and semantic segmentation. He received his B.S. and M.S. degrees from National Chiao Tung University, Taiwan, in 2017 and 2019, respectively. He received the Best Paper Award at ACM Multimedia Asia 2019 and the 2019 IPPR Best Master Thesis Award.