Adversarial training in logit space against tiny perturbations

Adversarial training in logit space against tiny perturbations

Adversarial training is wildly considered as one of the most effective ways to defend against adversarial examples. However, existing adversarial training methods consume unbearable time, due to the fact that they need to generate adversarial examples in a large input space. To speed up adversarial...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Multimedia systems 2023-12, Vol.29 (6), p.3277-3290
Hauptverfasser: Guan, Xiaohui, Shao, Qiqi, Qian, Yaguan, Yao, Tengteng, Wang, Bin
Format: Artikel
Sprache:eng
Schlagworte:
Computer Communication Networks
Computer Graphics
Computer Science
Cryptology
Data Storage Representation
Multimedia Information Systems
Operating Systems
Perturbation
Regular Paper
Training
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Adversarial training is wildly considered as one of the most effective ways to defend against adversarial examples. However, existing adversarial training methods consume unbearable time, due to the fact that they need to generate adversarial examples in a large input space. To speed up adversarial training, we propose a novel adversarial training method by generating endogenous adversarial examples (EAEs) rather than real adversarial examples, which is fulfilled by adding perturbations to the adversarial examples in the logit space, thus the gradient calculation can be avoided. In order to prove the validity of our method, extensive experiments are conducted on CIFAR-10 and ImageNet. The results show that our EAE adversarial training not only shortens the training time, but also enhances the robustness of model and has less impact on the accuracy of clean examples than the existing state-of-the-art methods.
ISSN:0942-4962
1432-1882
DOI:10.1007/s00530-023-01193-9