Adversarial defense via the data-dependent activation, total variation minimization, and adversarial training

IF 1.2 | Zone 4, Mathematics | Q2 MATHEMATICS, APPLIED | Inverse Problems and Imaging | Pub Date: 2021-01-01 | DOI: 10.3934/ipi.2020046
Bao Wang, A. Lin, Penghang Yin, Wei Zhu, A. Bertozzi, S. Osher
Citations: 4

Abstract

We improve the robustness of Deep Neural Net (DNN) to adversarial attacks by using an interpolating function as the output activation. This data-dependent activation remarkably improves both the generalization and robustness of DNN. In the CIFAR10 benchmark, we raise the robust accuracy of the adversarially trained ResNet20 from $\sim 46\%$ to $\sim 69\%$ under the state-of-the-art Iterative Fast Gradient Sign Method (IFGSM) based adversarial attack. When we combine this data-dependent activation with total variation minimization on adversarial images and training data augmentation, we achieve an improvement in robust accuracy by 38.9% for ResNet56 under the strongest IFGSM attack. Furthermore, we provide an intuitive explanation of our defense by analyzing the geometry of the feature space.
Source journal
Inverse Problems and Imaging (Mathematics - Physics: Mathematical Physics)
CiteScore: 2.50
Self-citation rate: 0.00%
Articles published: 55
Review time: >12 weeks
About the journal: Inverse Problems and Imaging publishes research articles of the highest quality that employ innovative mathematical and modeling techniques to study inverse and imaging problems arising in engineering and other sciences. Every published paper has a strong mathematical orientation employing methods from such areas as control theory, discrete mathematics, differential geometry, harmonic analysis, functional analysis, integral geometry, mathematical physics, numerical analysis, optimization, partial differential equations, and stochastic and statistical methods. The field of applications includes medical and other imaging, nondestructive testing, geophysical prospection and remote sensing as well as image analysis and image processing. This journal is committed to recording important new results in its field and will maintain the highest standards of innovation and quality. To be published in this journal, a paper must be correct, novel, nontrivial and of interest to a substantial number of researchers and readers.