Knowledge Commons of Institute of Automation,CAS
Binary thresholding defense against adversarial attacks | |
Yutong Wang1,2; Wenwen Zhang1,3; Tianyu Shen1,2; Hui Yu4; Fei-Yue Wang1 | |
发表期刊 | Neurocomputing |
ISSN | 0925-2312 |
2021 | |
卷号 | 445期号:445页码:61-71 |
通讯作者 | Wang, Fei-Yue(feiyue.wang@ia.ac.cn) |
摘要 | Convolutional neural networks are always vulnerable to adversarial attacks. In recent research, Projected Gradient Descent (PGD) has been recognized as the most effective attack method, and adversarial training on adversarial examples generated by PGD attack is the most reliable defense method. However, adversarial training requires a large amount of computation time. In this paper, we propose a fast, simple and strong defense method that achieves the best speed-accuracy trade-off. We first compare the feature maps of naturally trained model with adversarially trained model in same architecture, then we find the key of adversarially trained model lies on the binary thresholding the convolutional layers perform. Inspired by this, we perform binary thresholding to preprocess the input image and defend against PGD attack. On MNIST, our defense achieves 99.0% accuracy on clean images and 91.2% on white-box adversarial images. This performance is slightly better than adversarial training, and our method largely saves the computation time for retraining. On Fashion-MNIST and CIFAR-10, we train a new model on binarized images and use this model to defend against attack. Though its performance is not as good as adversarial training, it gains the best speed-accuracy trade-off. |
关键词 | Binary thresholding Defense Adversarial training Adversarial attack |
DOI | 10.1016/j.neucom.2021.03.036 |
收录类别 | SCI |
语种 | 英语 |
WOS研究方向 | Computer Science |
WOS类目 | Computer Science, Artificial Intelligence |
WOS记录号 | WOS:000652811800006 |
出版者 | ELSEVIER |
七大方向——子方向分类 | 机器博弈 |
引用统计 | |
文献类型 | 期刊论文 |
条目标识符 | http://ir.ia.ac.cn/handle/173211/44700 |
专题 | 多模态人工智能系统全国重点实验室_平行智能技术与系统团队 |
通讯作者 | Fei-Yue Wang |
作者单位 | 1.The State Key Laboratory for Management and Control of Complex Systems, Institute of Automation, Chinese Academy of Sciences 2.School of Artificial Intelligence, University of Chinese Academy of Sciences 3.School of Software Engineering, Xi'an Jiaotong University 4.School of Creative Technologies, University of Portsmouth |
第一作者单位 | 中国科学院自动化研究所 |
通讯作者单位 | 中国科学院自动化研究所 |
推荐引用方式 GB/T 7714 | Yutong Wang,Wenwen Zhang,Tianyu Shen,et al. Binary thresholding defense against adversarial attacks[J]. Neurocomputing,2021,445(445):61-71. |
APA | Yutong Wang,Wenwen Zhang,Tianyu Shen,Hui Yu,&Fei-Yue Wang.(2021).Binary thresholding defense against adversarial attacks.Neurocomputing,445(445),61-71. |
MLA | Yutong Wang,et al."Binary thresholding defense against adversarial attacks".Neurocomputing 445.445(2021):61-71. |
条目包含的文件 | 下载所有文件 | |||||
文件名称/大小 | 文献类型 | 版本类型 | 开放类型 | 使用许可 | ||
1-s2.0-S092523122100(1771KB) | 期刊论文 | 作者接受稿 | 开放获取 | CC BY-NC-SA | 浏览 下载 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论