Adversarial Robustness in Deep Neural Networks based on Variable Attributes Stochastic Ensemble Model-Reference-Cited by-同舟云学术

Adversarial Robustness in Deep Neural Networks based on Variable Attributes Stochastic Ensemble Model

Published:2022-08-22 Issue: Volume: Page:
ISSN:
Container-title:
language:
Short-container-title:

Author:

Qin Ruoxi¹,Wang Linyuan¹,Du Xuehui¹,Xie Pengfei¹,Chen Xingyuan¹,Yan Bin¹

Affiliation:

1. PLA Strategy Support Force Information Engineering University

Abstract

Abstract Deep neural networks (DNN) have been shown to suffer from critical vulnerabilities under adversarial attacks. This phenomenon stimulated the creation of different attack and defense strategies similar to those adopted in cyberspace security. The dependence of such strategies on attack and defense mechanisms makes the associated algorithms on both sides appear as closely reciprocating processes, where the defense method are particularly passive in these processes. Inspired by the dynamic defense approach proposed in cyberspace to solve this endless arm race, this paper defines the model order, network structure and smoothing parameters as ensemble variable attributes and proposes a stochastic strategy to builds upon ensemble model through heterogeneous and redundancy models. The proposed method introduces the diversity and randomness characteristic to deep neural network to change the fixed correspondence gradient between input and output. The unpredictability and diversity of gradients makes it impossible for attackers to directly implement white-box attacks so as to handle the extreme transferability and vulnerability of ensemble models under white-box attacks. Experimental comparison of ASR-vs-distortion curves with different attack scenarios shows that even the attacker with the highest attack capability cannot easily exceed the attack success rate associated with the ensemble smoothed model, especially under untargeted attacks.

Publisher

Research Square Platform LLC

Reference74 articles.

1. Ka Ho Chow and Wenqi Wei and Yanzhao Wu and Ling Liu (2019) Denoising and Verification Cross-Layer Ensemble Against Black-box Adversarial Attacks. {IEEE}, https://doi.org/10.1109/BigData47090.2019.9006090, Fri, 06 Mar 2020 00:00:00 +0100, 1282--1291, 10.1109/BigData47090.2019.9006090, 2019 {IEEE} International Conference on Big Data (Big Data), Los Angeles, CA, USA, December 9-12, 2019, https://dblp.org/rec/conf/bigdataconf/ChowWW019.bib, dblp computer science bibliography, https://dblp.org

2. Ka Ho Chow and Wenqi Wei and Yanzhao Wu and Ling Liu (2019) Denoising and Verification Cross-Layer Ensemble Against Black-box Adversarial Attacks. {IEEE}, https://doi.org/10.1109/BigData47090.2019.9006090, Fri, 06 Mar 2020 00:00:00 +0100, 1282--1291, 10.1109/BigData47090.2019.9006090, 2019 {IEEE} International Conference on Big Data (Big Data), Los Angeles, CA, USA, December 9-12, 2019, https://dblp.org/rec/conf/bigdataconf/ChowWW019.bib, dblp computer science bibliography, https://dblp.org

3. Xu, Weilin and Evans, David and Qi, Yanjun (2017) Feature squeezing: Detecting adversarial examples in deep neural networks. arXiv preprint arXiv:1704.01155 https://arxiv.org/abs/1704.01155

4. Bhagoji, Arjun Nitin and Cullina, Daniel and Sitawarin, Chawin and Mittal, Prateek (2018) Enhancing robustness of machine learning systems via data transformations. 1--5, IEEE, 2018 52nd Annual Conference on Information Sciences and Systems (CISS)

5. Meng, Dongyu and Chen, Hao (2017) Magnet: a two-pronged defense against adversarial examples. 135--147, Proceedings of the 2017 ACM SIGSAC conference on computer and communications security

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Adversarial defence by learning differentiated feature representation in deep ensemble;Machine Vision and Applications;2024-07