{"title":"Toward a Better Tradeoff Between Accuracy and Robustness for Image Classification via Adversarial Feature Diversity","authors":"Wei Xue;Yonghao Wang;Yuchi Wang;Yue Wang;Mingyang Du;Xiao Zheng","doi":"10.1109/JMASS.2024.3462548","DOIUrl":null,"url":null,"abstract":"Deep neural network-based image classification models are vulnerable to adversarial examples, which are meticulously crafted to mislead the model by adding perturbations to clean images. Although adversarial training demonstrates outstanding performance in enhancing models robustness against adversarial examples, it often incurs the expense of accuracy. To address this problem, this article proposes a strategy to achieve a better tradeoff between accuracy and robustness, which mainly consists of symbol perturbations and examples mixing. First, we employ a symbol processing approach for randomly generated initial perturbations, which makes model identify the correct parameter attack direction faster during the training process. Second, we put forward a methodology that utilizes a mixture of different examples to generate more distinct adversarial features. Further, we utilize scaling conditions for tensor feature modulation, enabling the model to achieve both improved accuracy and robustness after learning more diverse adversarial features. 
Finally, we conduct extensive experiments to show the feasibility and effectiveness of the proposed methods.","PeriodicalId":100624,"journal":{"name":"IEEE Journal on Miniaturization for Air and Space Systems","volume":"5 4","pages":"254-264"},"PeriodicalIF":0.0000,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Journal on Miniaturization for Air and Space Systems","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10681571/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Deep neural network-based image classification models are vulnerable to adversarial examples, which are meticulously crafted to mislead the model by adding perturbations to clean images. Although adversarial training demonstrates outstanding performance in enhancing model robustness against adversarial examples, it often comes at the expense of accuracy. To address this problem, this article proposes a strategy to achieve a better tradeoff between accuracy and robustness, which mainly consists of symbol perturbations and example mixing. First, we employ a symbol processing approach for randomly generated initial perturbations, which makes the model identify the correct parameter attack direction faster during the training process. Second, we put forward a methodology that utilizes a mixture of different examples to generate more distinct adversarial features. Further, we utilize scaling conditions for tensor feature modulation, enabling the model to achieve both improved accuracy and robustness after learning more diverse adversarial features. Finally, we conduct extensive experiments to show the feasibility and effectiveness of the proposed methods.