Bao Wang, A. Lin, Penghang Yin, Wei Zhu, A. Bertozzi, S. Osher
{"title":"Adversarial defense via the data-dependent activation, total variation minimization, and adversarial training","authors":"Bao Wang, A. Lin, Penghang Yin, Wei Zhu, A. Bertozzi, S. Osher","doi":"10.3934/ipi.2020046","DOIUrl":null,"url":null,"abstract":"We improve the robustness of Deep Neural Net (DNN) to adversarial attacks by using an interpolating function as the output activation. This data-dependent activation remarkably improves both the generalization and robustness of DNN. In the CIFAR10 benchmark, we raise the robust accuracy of the adversarially trained ResNet20 from \\begin{document}$ \\sim 46\\% $\\end{document} to \\begin{document}$ \\sim 69\\% $\\end{document} under the state-of-the-art Iterative Fast Gradient Sign Method (IFGSM) based adversarial attack. When we combine this data-dependent activation with total variation minimization on adversarial images and training data augmentation, we achieve an improvement in robust accuracy by 38.9 \\begin{document}$ \\% $\\end{document} for ResNet56 under the strongest IFGSM attack. Furthermore, We provide an intuitive explanation of our defense by analyzing the geometry of the feature space.","PeriodicalId":50274,"journal":{"name":"Inverse Problems and Imaging","volume":null,"pages":null},"PeriodicalIF":1.2000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Inverse Problems and Imaging","FirstCategoryId":"100","ListUrlMain":"https://doi.org/10.3934/ipi.2020046","RegionNum":4,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"MATHEMATICS, APPLIED","Score":null,"Total":0}
引用次数: 4
Abstract
We improve the robustness of Deep Neural Net (DNN) to adversarial attacks by using an interpolating function as the output activation. This data-dependent activation remarkably improves both the generalization and robustness of DNN. In the CIFAR10 benchmark, we raise the robust accuracy of the adversarially trained ResNet20 from \begin{document}$ \sim 46\% $\end{document} to \begin{document}$ \sim 69\% $\end{document} under the state-of-the-art Iterative Fast Gradient Sign Method (IFGSM) based adversarial attack. When we combine this data-dependent activation with total variation minimization on adversarial images and training data augmentation, we achieve an improvement in robust accuracy by 38.9 \begin{document}$ \% $\end{document} for ResNet56 under the strongest IFGSM attack. Furthermore, We provide an intuitive explanation of our defense by analyzing the geometry of the feature space.
We improve the robustness of Deep Neural Net (DNN) to adversarial attacks by using an interpolating function as the output activation. This data-dependent activation remarkably improves both the generalization and robustness of DNN. In the CIFAR10 benchmark, we raise the robust accuracy of the adversarially trained ResNet20 from \begin{document}$ \sim 46\% $\end{document} to \begin{document}$ \sim 69\% $\end{document} under the state-of-the-art Iterative Fast Gradient Sign Method (IFGSM) based adversarial attack. When we combine this data-dependent activation with total variation minimization on adversarial images and training data augmentation, we achieve an improvement in robust accuracy by 38.9 \begin{document}$ \% $\end{document} for ResNet56 under the strongest IFGSM attack. Furthermore, We provide an intuitive explanation of our defense by analyzing the geometry of the feature space.
期刊介绍:
Inverse Problems and Imaging publishes research articles of the highest quality that employ innovative mathematical and modeling techniques to study inverse and imaging problems arising in engineering and other sciences. Every published paper has a strong mathematical orientation employing methods from such areas as control theory, discrete mathematics, differential geometry, harmonic analysis, functional analysis, integral geometry, mathematical physics, numerical analysis, optimization, partial differential equations, and stochastic and statistical methods. The field of applications includes medical and other imaging, nondestructive testing, geophysical prospection and remote sensing as well as image analysis and image processing.
This journal is committed to recording important new results in its field and will maintain the highest standards of innovation and quality. To be published in this journal, a paper must be correct, novel, nontrivial and of interest to a substantial number of researchers and readers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
