Disentangling Ensemble Models on Adversarial Generalization in Image Classification

Abstract

Convolutional neural networks are widely used in computer vision and image processing. However, when the original input is added with manually imperceptible perturbations, these deep network models mostly tend to output incorrect predictions. The vulnerability of these models poses great threat to intelligent applications, and these manually imperceptible perturbations are called adversarial examples. Current baseline methods have achieved considerable white-box attack success rate, but black-box rate remains to be improved. To boost the adversarial generalization, ensemble models method is introduced to the process of generating adversarial examples. This paper proposes multiple ensemble strategies with baseline attack methods based on existing ensemble strategy used by former methods. Experiment on ImageNet dataset empirically verifies the optimal ensemble strategy on boosting adversarial generalization.