{"title":"Disentangling Ensemble Models on Adversarial Generalization in Image Classification","authors":"Chenwei Li, Mengyuan Pan, Bo Yang, Hengwei Zhang","doi":"10.1109/EEI59236.2023.10212535","DOIUrl":null,"url":null,"abstract":"Convolutional neural networks are widely used in computer vision and image processing. However, when the original input is added with manually imperceptible perturbations, these deep network models mostly tend to output incorrect predictions. The vulnerability of these models poses great threat to intelligent applications, and these manually imperceptible perturbations are called adversarial examples. Current baseline methods have achieved considerable white-box attack success rate, but black-box rate remains to be improved. To boost the adversarial generalization, ensemble models method is introduced to the process of generating adversarial examples. This paper proposes multiple ensemble strategies with baseline attack methods based on existing ensemble strategy used by former methods. Experiment on ImageNet dataset empirically verifies the optimal ensemble strategy on boosting adversarial generalization.","PeriodicalId":363603,"journal":{"name":"2023 5th International Conference on Electronic Engineering and Informatics (EEI)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 5th International Conference on Electronic Engineering and Informatics (EEI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EEI59236.2023.10212535","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Convolutional neural networks are widely used in computer vision and image processing. However, when the original input is added with manually imperceptible perturbations, these deep network models mostly tend to output incorrect predictions. The vulnerability of these models poses great threat to intelligent applications, and these manually imperceptible perturbations are called adversarial examples. Current baseline methods have achieved considerable white-box attack success rate, but black-box rate remains to be improved. To boost the adversarial generalization, ensemble models method is introduced to the process of generating adversarial examples. This paper proposes multiple ensemble strategies with baseline attack methods based on existing ensemble strategy used by former methods. Experiment on ImageNet dataset empirically verifies the optimal ensemble strategy on boosting adversarial generalization.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
