NPAT 零空间预测对抗训练,实现零恶化

Hanyi Hu, Qiao Han, Kui Chen, Yao Yang
{"title":"NPAT 零空间预测对抗训练,实现零恶化","authors":"Hanyi Hu, Qiao Han, Kui Chen, Yao Yang","doi":"arxiv-2409.11754","DOIUrl":null,"url":null,"abstract":"To mitigate the susceptibility of neural networks to adversarial attacks,\nadversarial training has emerged as a prevalent and effective defense strategy.\nIntrinsically, this countermeasure incurs a trade-off, as it sacrifices the\nmodel's accuracy in processing normal samples. To reconcile the trade-off, we\npioneer the incorporation of null-space projection into adversarial training\nand propose two innovative Null-space Projection based Adversarial\nTraining(NPAT) algorithms tackling sample generation and gradient optimization,\nnamed Null-space Projected Data Augmentation (NPDA) and Null-space Projected\nGradient Descent (NPGD), to search for an overarching optimal solutions, which\nenhance robustness with almost zero deterioration in generalization\nperformance. Adversarial samples and perturbations are constrained within the\nnull-space of the decision boundary utilizing a closed-form null-space\nprojector, effectively mitigating threat of attack stemming from unreliable\nfeatures. Subsequently, we conducted experiments on the CIFAR10 and SVHN\ndatasets and reveal that our methodology can seamlessly combine with\nadversarial training methods and obtain comparable robustness while keeping\ngeneralization close to a high-accuracy model.","PeriodicalId":501301,"journal":{"name":"arXiv - CS - Machine Learning","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"NPAT Null-Space Projected Adversarial Training Towards Zero Deterioration\",\"authors\":\"Hanyi Hu, Qiao Han, Kui Chen, Yao Yang\",\"doi\":\"arxiv-2409.11754\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To mitigate the susceptibility of neural networks to adversarial attacks,\\nadversarial training has emerged as a prevalent and effective defense strategy.\\nIntrinsically, this countermeasure incurs a trade-off, as it sacrifices the\\nmodel's accuracy in processing normal samples. To reconcile the trade-off, we\\npioneer the incorporation of null-space projection into adversarial training\\nand propose two innovative Null-space Projection based Adversarial\\nTraining(NPAT) algorithms tackling sample generation and gradient optimization,\\nnamed Null-space Projected Data Augmentation (NPDA) and Null-space Projected\\nGradient Descent (NPGD), to search for an overarching optimal solutions, which\\nenhance robustness with almost zero deterioration in generalization\\nperformance. Adversarial samples and perturbations are constrained within the\\nnull-space of the decision boundary utilizing a closed-form null-space\\nprojector, effectively mitigating threat of attack stemming from unreliable\\nfeatures. Subsequently, we conducted experiments on the CIFAR10 and SVHN\\ndatasets and reveal that our methodology can seamlessly combine with\\nadversarial training methods and obtain comparable robustness while keeping\\ngeneralization close to a high-accuracy model.\",\"PeriodicalId\":501301,\"journal\":{\"name\":\"arXiv - CS - Machine Learning\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-09-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Machine Learning\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2409.11754\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Machine Learning","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.11754","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

为了降低神经网络对对抗性攻击的敏感性,对抗性训练已成为一种普遍而有效的防御策略。从本质上讲,这种对策需要权衡利弊,因为它牺牲了模型处理正常样本的准确性。为了调和这种权衡,我们率先在对抗训练中加入了空空间投影,并提出了两种创新的基于空空间投影的对抗训练(NPAT)算法,即空空间投影数据增强算法(NPDA)和空空间投影梯度下降算法(NPGD),这两种算法解决了样本生成和梯度优化的问题,以寻找总体最优解,从而在几乎不降低泛化性能的情况下提高鲁棒性。利用闭式空空间投影器将对抗样本和扰动限制在决策边界的空空间内,从而有效降低了来自不可靠特征的攻击威胁。随后,我们在 CIFAR10 和 SVHN 数据集上进行了实验,结果表明我们的方法可以与对抗训练方法无缝结合,并获得相当的鲁棒性,同时使泛化接近高精度模型。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
NPAT Null-Space Projected Adversarial Training Towards Zero Deterioration
To mitigate the susceptibility of neural networks to adversarial attacks, adversarial training has emerged as a prevalent and effective defense strategy. Intrinsically, this countermeasure incurs a trade-off, as it sacrifices the model's accuracy in processing normal samples. To reconcile the trade-off, we pioneer the incorporation of null-space projection into adversarial training and propose two innovative Null-space Projection based Adversarial Training(NPAT) algorithms tackling sample generation and gradient optimization, named Null-space Projected Data Augmentation (NPDA) and Null-space Projected Gradient Descent (NPGD), to search for an overarching optimal solutions, which enhance robustness with almost zero deterioration in generalization performance. Adversarial samples and perturbations are constrained within the null-space of the decision boundary utilizing a closed-form null-space projector, effectively mitigating threat of attack stemming from unreliable features. Subsequently, we conducted experiments on the CIFAR10 and SVHN datasets and reveal that our methodology can seamlessly combine with adversarial training methods and obtain comparable robustness while keeping generalization close to a high-accuracy model.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Almost Sure Convergence of Linear Temporal Difference Learning with Arbitrary Features The Impact of Element Ordering on LM Agent Performance Towards Interpretable End-Stage Renal Disease (ESRD) Prediction: Utilizing Administrative Claims Data with Explainable AI Techniques Extended Deep Submodular Functions Symmetry-Enriched Learning: A Category-Theoretic Framework for Robust Machine Learning Models
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1