Enhancing Intrinsic Adversarial Robustness via Feature Pyramid Decoder
- URL: http://arxiv.org/abs/2005.02552v1
- Date: Wed, 6 May 2020 01:40:26 GMT
- Title: Enhancing Intrinsic Adversarial Robustness via Feature Pyramid Decoder
- Authors: Guanlin Li, Shuya Ding, Jun Luo, Chang Liu
- Abstract summary: We propose an attack-agnostic defence framework to enhance the intrinsic robustness of neural networks. Our framework applies to all block-based convolutional neural networks (CNNs).
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Whereas adversarial training is employed as the main defence strategy against specific adversarial samples, it has limited generalization capability and incurs excessive time complexity. In this paper, we propose an attack-agnostic defence framework that enhances the intrinsic robustness of neural networks without jeopardizing their ability to generalize to clean samples. Our Feature Pyramid Decoder (FPD) framework applies to all block-based convolutional neural networks (CNNs). It implants denoising and image-restoration modules into a targeted CNN, and it also constrains the Lipschitz constant of the classification layer. Moreover, we propose a two-phase strategy to train the FPD-enhanced CNN, utilizing $\epsilon$-neighbourhood noisy images with multi-task and self-supervised learning. Evaluated against a variety of white-box and black-box attacks, we demonstrate that FPD-enhanced CNNs gain sufficient robustness against general adversarial samples on MNIST, SVHN and CALTECH. In addition, if we further conduct adversarial training, the FPD-enhanced CNNs perform better than their non-enhanced versions.
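The abstract's Lipschitz constraint on the classification layer is what turns an $\epsilon$-neighbourhood of noisy images into a checkable guarantee. The following is an added example, not code from the paper: it assumes a linear classification head (logits = W · features, with a hypothetical weight matrix `W`), estimates the head's $L_2$ Lipschitz constant as its spectral norm by power iteration, and derives the radius within which no perturbation of the features can change the top-1 label. The paper's actual constraint mechanism is not described on this page.

```python
"""Added example (not the paper's code): certified margin of a Lipschitz-bounded
linear classification head. Hypothetical head: logits = W @ feat."""
import math


def matvec(W, v):
    """Row-major matrix times vector, plain lists so it runs without numpy."""
    return [sum(w * x for w, x in zip(row, v)) for row in W]


def transpose(W):
    return [list(col) for col in zip(*W)]


def norm(v):
    return math.sqrt(sum(x * x for x in v))


def spectral_norm(W, iters=200):
    """Largest singular value of W, i.e. its L2 Lipschitz constant, by power iteration.
    Each round multiplies the sub-dominant component by (sigma2/sigma1)^2, so 200
    rounds is ample for small, well-separated heads."""
    n = len(W[0])
    v = [1.0 / math.sqrt(n)] * n
    u = v
    for _ in range(iters):
        u = matvec(W, v)
        u = [x / norm(u) for x in u]
        v = matvec(transpose(W), u)
        v = [x / norm(v) for x in v]
    return sum(a * b for a, b in zip(u, matvec(W, v)))


def certified_radius(W, feat):
    """Largest L2 radius around `feat` inside which argmax(W @ feat) cannot change.
    A feature perturbation of norm eps moves the logit vector by at most L*eps
    (L = spectral norm), and any single logit difference by at most sqrt(2)*L*eps,
    so the top-1 label is fixed while the top-2 margin exceeds sqrt(2)*L*eps.
    Note that scaling W scales margin and L alike: the radius only grows when the
    margin is trained up while L is held down, which is why a constraint is paired
    with training rather than applied on its own."""
    logits = sorted(matvec(W, feat))
    margin = logits[-1] - logits[-2]
    return margin / (math.sqrt(2) * spectral_norm(W))


def flip_possible(W, feat, eps):
    """True if some feature perturbation of L2 norm <= eps could change the label."""
    return eps > certified_radius(W, feat)
```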
Related papers
- Impact of White-Box Adversarial Attacks on Convolutional Neural Networks (arXiv, 2024-10-02)
  We investigate the susceptibility of Convolutional Neural Networks (CNNs) to white-box adversarial attacks.
  Our study provides insights into the robustness of CNNs against adversarial threats.
- Evaluating Adversarial Robustness in the Spatial Frequency Domain (arXiv, 2024-05-10)
  Convolutional Neural Networks (CNNs) have dominated the majority of computer vision tasks.
  CNNs' vulnerability to adversarial attacks has raised concerns about deploying these models to safety-critical applications.
  This paper presents an empirical study exploring the vulnerability of CNN models in the frequency domain.
- General Adversarial Defense Against Black-box Attacks via Pixel Level and Feature Level Distribution Alignments (arXiv, 2022-12-11)
  We use Deep Generative Networks (DGNs) with a novel training mechanism to eliminate the distribution gap.
  The trained DGNs align the distribution of adversarial samples with clean ones for the target DNNs by translating pixel values.
  Our strategy demonstrates its unique effectiveness and generality against black-box attacks.
- Distributed Adversarial Training to Robustify Deep Neural Networks at Scale (arXiv, 2022-06-13)
  Current deep neural networks (DNNs) are vulnerable to adversarial attacks, where adversarial perturbations to the inputs can change or manipulate classification.
  To defend against such attacks, an effective approach, known as adversarial training (AT), has been shown to mitigate robust training.
  We propose a large-batch adversarial training framework implemented over multiple machines.
- Neural Architecture Dilation for Adversarial Robustness (arXiv, 2021-08-16)
  A shortcoming of convolutional neural networks is that they are vulnerable to adversarial attacks.
  This paper aims to improve the adversarial robustness of the backbone CNNs that have a satisfactory accuracy.
  Under a minimal computational overhead, a dilation architecture is expected to be friendly with the standard performance of the backbone CNN.
- Combating Adversaries with Anti-Adversaries (arXiv, 2021-03-26)
  In particular, our layer generates an input perturbation in the opposite direction of the adversarial one.
  We verify the effectiveness of our approach by combining our layer with both nominally and robustly trained models.
  Our anti-adversary layer significantly enhances model robustness while coming at no cost on clean accuracy.
- BreakingBED -- Breaking Binary and Efficient Deep Neural Networks by Adversarial Attacks (arXiv, 2021-03-14)
  We study robustness of CNNs against white-box and black-box adversarial attacks.
  Results are shown for distilled CNNs, agent-based state-of-the-art pruned models, and binarized neural networks.
- Adversarial Robustness Study of Convolutional Neural Network for Lumbar Disk Shape Reconstruction from MR images (arXiv, 2021-02-04)
  In this study, we investigated the in-distribution (IND) and out-of-distribution (OOD) adversarial robustness of a representative CNN for lumbar disk shape reconstruction from spine MR images.
  The results show that IND adversarial training can improve the CNN robustness to IND adversarial attacks, and larger training datasets may lead to higher IND robustness.
- A Neuro-Inspired Autoencoding Defense Against Adversarial Perturbations (arXiv, 2020-11-21)
  Deep Neural Networks (DNNs) are vulnerable to adversarial attacks.
  Most effective current defense is to train the network using adversarially perturbed examples.
  In this paper, we investigate a radically different, neuro-inspired defense mechanism.
- Dynamic Divide-and-Conquer Adversarial Training for Robust Semantic Segmentation (arXiv, 2020-03-14)
  Adversarial training is promising for improving robustness of deep neural networks towards adversarial perturbations.
  We formulate a general adversarial training procedure that can perform decently on both adversarial and clean samples.
  We propose a dynamic divide-and-conquer adversarial training (DDC-AT) strategy to enhance the defense effect.
This list is automatically generated from the titles and abstracts of the papers in this site.