4.7 Article

Advancing Adversarial Training by Injecting Booster Signal

IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS (2023)

Get Full Text
Add to Collection

Journal

IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS
Volume -, Issue -, Pages -

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TNNLS.2023.3264256

Keywords

Robustness; Perturbation methods; Training; Learning systems; Glass box; Data models; Cost function; Adversarial defense; adversarial robustness; adversarial training (AT); booster signal

Categories

Computer Science, Artificial Intelligence Computer Science, Hardware & Architecture Computer Science, Theory & Methods Engineering, Electrical & Electronic

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

Recent research has shown that deep neural networks (DNNs) are highly susceptible to adversarial attacks. Adversarial training (AT) has been recognized as the most effective defense strategy against such attacks, although it may compromise natural accuracy. To address this issue, this article proposes a new approach that utilizes an external signal, known as a booster signal, to enhance adversarial robustness. The booster signal, optimized alongside model parameters, is injected outside the image without overlapping the original content, resulting in improved both adversarial and natural accuracy. Experimental results demonstrate that the booster signal can effectively enhance the performance of existing AT methods, and its optimization method is flexible and applicable.
Recent works have demonstrated that deep neural networks (DNNs) are highly vulnerable to adversarial attacks. To defend against adversarial attacks, many defense strategies have been proposed, among which adversarial training (AT) has been demonstrated to be the most effective strategy. However, it has been known that AT sometimes hurts natural accuracy. Then, many works focus on optimizing model parameters to handle the problem. Different from the previous approaches, in this article, we propose a new approach to improve the adversarial robustness using an external signal rather than model parameters. In the proposed method, a well-optimized universal external signal called a booster signal is injected into the outside of the image which does not overlap with the original content. Then, it boosts both adversarial robustness and natural accuracy. The booster signal is optimized in parallel to model parameters step by step collaboratively. Experimental results show that the booster signal can improve both the natural and robust accuracies over the recent state-of-the-art AT methods. Also, optimizing the booster signal is general and flexible enough to be adopted on any existing AT methods.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.7
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available
Webinars Posters Questions Hubs Funding Journals Papers Connect Collections Reviewers About Us FAQs Mobile App Privacy Policy Terms of Use
© Peeref 2019-2024. All rights reserved.