Inter-separability and intra-concentration to enhance stochastic neural network adversarial robustness

IF 3.9 3区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Pattern Recognition Letters Pub Date : 2025-03-01 DOI:10.1016/j.patrec.2025.02.028

Omar Dardour , Eduardo Aguilar , Petia Radeva , Mourad Zaied

{"title":"Inter-separability and intra-concentration to enhance stochastic neural network adversarial robustness","authors":"Omar Dardour , Eduardo Aguilar , Petia Radeva , Mourad Zaied","doi":"10.1016/j.patrec.2025.02.028","DOIUrl":null,"url":null,"abstract":"<div><div>It has been shown that Deep Neural Networks can be easily fooled by adding an imperceptible noise termed as adversarial examples. To address this issue, in this paper, we propose a defense method called Inter-Separability and Intra-Concentration Stochastic Neural Networks (ISIC-SNN). The suggested ISIC-SNN method learns to enlarge between different label representations using label embedding and a designed inter-separability loss. It introduces uncertainty in the features latent space using the variational information bottleneck method and enhances compactness in stochastic features using intra-concentration loss. Finally, it uses dot-product similarity between stochastic feature representations and label embedding to classify features. ISIC-SNN learns in standard training which is much more efficient than adversarial training. Experiments on datasets SVHN, CIFAR-10 and CIFAR-100 demonstrate the superior defensive capability of the proposed method compared to various SNNs defensive methods.</div></div>","PeriodicalId":54638,"journal":{"name":"Pattern Recognition Letters","volume":"191 ","pages":"Pages 1-7"},"PeriodicalIF":3.9000,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Pattern Recognition Letters","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167865525000704","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

It has been shown that Deep Neural Networks can be easily fooled by adding an imperceptible noise termed as adversarial examples. To address this issue, in this paper, we propose a defense method called Inter-Separability and Intra-Concentration Stochastic Neural Networks (ISIC-SNN). The suggested ISIC-SNN method learns to enlarge between different label representations using label embedding and a designed inter-separability loss. It introduces uncertainty in the features latent space using the variational information bottleneck method and enhances compactness in stochastic features using intra-concentration loss. Finally, it uses dot-product similarity between stochastic feature representations and label embedding to classify features. ISIC-SNN learns in standard training which is much more efficient than adversarial training. Experiments on datasets SVHN, CIFAR-10 and CIFAR-100 demonstrate the superior defensive capability of the proposed method compared to various SNNs defensive methods.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Pattern Recognition Letters 工程技术-计算机：人工智能

CiteScore

12.40

自引率

5.90%

发文量

287

审稿时长

9.1 months

期刊介绍： Pattern Recognition Letters aims at rapid publication of concise articles of a broad interest in pattern recognition. Subject areas include all the current fields of interest represented by the Technical Committees of the International Association of Pattern Recognition, and other developing themes involving learning and recognition.