Efficient Key-Based Adversarial Defense for ImageNet by Using Pre-Trained Models

IF 2.9 Q2 ENGINEERING, ELECTRICAL & ELECTRONIC IEEE open journal of signal processing Pub Date : 2024-06-26 DOI:10.1109/OJSP.2024.3419569
AprilPyone MaungMaung;Isao Echizen;Hitoshi Kiya
{"title":"Efficient Key-Based Adversarial Defense for ImageNet by Using Pre-Trained Models","authors":"AprilPyone MaungMaung;Isao Echizen;Hitoshi Kiya","doi":"10.1109/OJSP.2024.3419569","DOIUrl":null,"url":null,"abstract":"In this paper, we propose key-based defense model proliferation by leveraging pre-trained models and utilizing recent efficient fine-tuning techniques on ImageNet-1 k classification. First, we stress that deploying key-based models on edge devices is feasible with the latest model deployment advancements, such as Apple CoreML, although the mainstream enterprise edge artificial intelligence (Edge AI) has been focused on the Cloud. Then, we point out that the previous key-based defense on on-device image classification is impractical for two reasons: (1) training many classifiers from scratch is not feasible, and (2) key-based defenses still need to be thoroughly tested on large datasets like ImageNet. To this end, we propose to leverage pre-trained models and utilize efficient fine-tuning techniques to proliferate key-based models even on limited compute resources. Experiments were carried out on the ImageNet-1 k dataset using adaptive and non-adaptive attacks. The results show that our proposed fine-tuned key-based models achieve a superior classification accuracy (more than 10% increase) compared to the previous key-based models on classifying clean and adversarial examples.","PeriodicalId":73300,"journal":{"name":"IEEE open journal of signal processing","volume":"5 ","pages":"902-913"},"PeriodicalIF":2.9000,"publicationDate":"2024-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10572223","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE open journal of signal processing","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10572223/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0

Abstract

In this paper, we propose key-based defense model proliferation by leveraging pre-trained models and utilizing recent efficient fine-tuning techniques on ImageNet-1 k classification. First, we stress that deploying key-based models on edge devices is feasible with the latest model deployment advancements, such as Apple CoreML, although the mainstream enterprise edge artificial intelligence (Edge AI) has been focused on the Cloud. Then, we point out that the previous key-based defense on on-device image classification is impractical for two reasons: (1) training many classifiers from scratch is not feasible, and (2) key-based defenses still need to be thoroughly tested on large datasets like ImageNet. To this end, we propose to leverage pre-trained models and utilize efficient fine-tuning techniques to proliferate key-based models even on limited compute resources. Experiments were carried out on the ImageNet-1 k dataset using adaptive and non-adaptive attacks. The results show that our proposed fine-tuned key-based models achieve a superior classification accuracy (more than 10% increase) compared to the previous key-based models on classifying clean and adversarial examples.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
利用预训练模型为 ImageNet 提供基于密钥的高效对抗性防御
在本文中,我们提出了基于密钥的防御模型扩散方案,即利用预训练模型和最近在 ImageNet-1 k 分类上采用的高效微调技术。首先,我们强调,虽然主流的企业边缘人工智能(Edge AI)都集中在云端,但随着苹果 CoreML 等最新模型部署技术的发展,在边缘设备上部署基于密钥的模型是可行的。然后,我们指出,之前基于密钥的设备上图像分类防御是不切实际的,原因有二:(1)从头开始训练许多分类器是不可行的;(2)基于密钥的防御仍需在大型数据集(如 ImageNet)上进行彻底测试。为此,我们建议利用预先训练好的模型,并利用高效的微调技术,即使在有限的计算资源上也能推广基于密钥的模型。我们使用自适应和非自适应攻击在 ImageNet-1 k 数据集上进行了实验。结果表明,与以前的基于密钥的模型相比,我们提出的基于密钥的微调模型在对干净和对抗性示例进行分类时实现了更高的分类准确率(提高 10%以上)。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
5.30
自引率
0.00%
发文量
0
审稿时长
22 weeks
期刊最新文献
Iterative Sparse Identification of Nonlinear Dynamics Energy Efficient Signal Detection Using SPRT and Ordered Transmissions in Wireless Sensor Networks Robust Estimation of the Covariance Matrix From Data With Outliers Dynamic Sensor Placement Based on Sampling Theory for Graph Signals Adversarial Training for Jamming-Robust Channel Estimation in OFDM Systems
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1