Towards Adversarial Robustness for Multi-Mode Data through Metric Learning
Author:
Khan Sarwar (1,2,3), Chen Jun-Cheng (1,2), Liao Wen-Hung (2,3), Chen Chu-Song (4)
Affiliation:
1. Research Center for Information Technology Innovation, Academia Sinica, Taipei 11529, Taiwan
2. Social Networks and Human-Centered Computing, Taiwan International Graduate Program, Academia Sinica, Taipei 11529, Taiwan
3. Department of Computer Science, National Chengchi University, Taipei 11605, Taiwan
4. Department of Computer Science and Information Engineering, National Taiwan University, Taipei 106319, Taiwan
Abstract
Adversarial attacks have become one of the most serious security issues for widely deployed deep neural networks. Although real-world datasets usually exhibit large intra-class variation or multiple modes, most adversarial defense methods, including adversarial training (currently one of the most effective defenses), focus on the single-mode setting and therefore fail to capture the full data representation needed to defend against adversarial attacks. To address this challenge, we propose a novel multi-prototype metric learning regularization for adversarial training that effectively strengthens the defense capability of adversarial training by preventing the latent representation of an adversarial example from drifting far from that of its clean counterpart. In extensive experiments on CIFAR10, CIFAR100, MNIST, and Tiny ImageNet, the proposed method improves the performance of several state-of-the-art adversarial training methods without additional computational cost. Beyond Tiny ImageNet, on multi-prototype CIFAR10 and CIFAR100, where we reorganize the full CIFAR10 and CIFAR100 datasets into two and ten classes, respectively, the proposed method outperforms the state-of-the-art approach by 2.22% and 1.65%, respectively. The proposed multi-prototype method also outperforms its single-prototype version and other commonly used deep metric learning approaches when they are used as regularization for adversarial training, further demonstrating its effectiveness.
Funder
National Science and Technology Council
Subject
Electrical and Electronic Engineering, Biochemistry, Instrumentation, Atomic and Molecular Physics, and Optics, Analytical Chemistry
Cited by
1 article.
1. Potential of Unsupervised Deep Learning for Detection of EM Side-Channel Attacks;2023 IEEE Physical Assurance and Inspection of Electronics (PAINE);2023-10-24