Effective Single-Step Adversarial Training With Energy-Based Models

IF 5.3 3区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

IEEE Transactions on Emerging Topics in Computational Intelligence Pub Date : 2024-03-29 DOI:10.1109/TETCI.2024.3378652

Keke Tang;Tianrui Lou;Weilong Peng;Nenglun Chen;Yawen Shi;Wenping Wang

引用次数: 0

Abstract

Adversarial training (AT) is one of the most effective ways against adversarial attacks. However, multi-step AT is time-consuming while single-step AT is ineffective. In this paper, we propose an Energy-AT framework to make single-step AT as effective as multi-step ones, by exploiting the two properties of energy-based models (EBM). First, we utilize the Helmholtz free energy in EBM to push generated examples to be outside of the distribution boundaries of their categories, such that they are more adversarial. Second, we apply an adaptive temperature scheme in EBM to amplify the training gradients of weak adversarial examples targetedly, such that those originally hard-to-learn examples contribute to the robustification of models also. Extensive experiments validate that Energy-AT improves the robustness of models significantly to adversarial attacks in both white-box and black-box settings, and outperforms the state-of-the-art methods.

查看原文本刊更多论文

利用基于能量的模型进行有效的单步对抗训练

对抗性训练（AT）是对抗对抗性攻击最有效的方法之一。然而，多步骤对抗训练耗时长，单步骤对抗训练效果差。在本文中，我们利用基于能量的模型（EBM）的两个特性，提出了一个能量-AT 框架，使单步 AT 与多步 AT 一样有效。首先，我们利用 EBM 中的赫尔姆霍兹自由能，将生成的示例推到其类别分布边界之外，使其更具对抗性。其次，我们在 EBM 中应用自适应温度方案，有针对性地放大弱对抗性示例的训练梯度，从而使这些原本难以学习的示例也有助于模型的稳健化。广泛的实验验证了 Energy-AT 在白盒和黑盒环境下都能显著提高模型对对抗性攻击的鲁棒性，并且优于最先进的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Emerging Topics in Computational Intelligence Mathematics-Control and Optimization

CiteScore

10.30

自引率

7.50%

发文量

147

期刊介绍： The IEEE Transactions on Emerging Topics in Computational Intelligence (TETCI) publishes original articles on emerging aspects of computational intelligence, including theory, applications, and surveys. TETCI is an electronics only publication. TETCI publishes six issues per year. Authors are encouraged to submit manuscripts in any emerging topic in computational intelligence, especially nature-inspired computing topics not covered by other IEEE Computational Intelligence Society journals. A few such illustrative examples are glial cell networks, computational neuroscience, Brain Computer Interface, ambient intelligence, non-fuzzy computing with words, artificial life, cultural learning, artificial endocrine networks, social reasoning, artificial hormone networks, computational intelligence for the IoT and Smart-X technologies.