A Tunable Framework for Joint Trade-Off Between Accuracy and Multi-Norm Robustness

IF 5.3 3区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

IEEE Transactions on Emerging Topics in Computational Intelligence Pub Date : 2025-02-21 DOI:10.1109/TETCI.2025.3540419

Haonan Zheng;Xinyang Deng;Wen Jiang

{"title":"A Tunable Framework for Joint Trade-Off Between Accuracy and Multi-Norm Robustness","authors":"Haonan Zheng;Xinyang Deng;Wen Jiang","doi":"10.1109/TETCI.2025.3540419","DOIUrl":null,"url":null,"abstract":"Adversarial training enhances the robustness of deep networks at the cost of reduced natural accuracy. Moreover, networks fortified struggle to simultaneously defend against both sparse and dense perturbations. Thus, achieving a better trade-off between natural accuracy and robustness against both types of noise remains an open challenge. Many proposed approaches explore solutions based on network architecture optimization. But, in most cases, the additional parameters introduced are static, meaning that once network training is completed, the performance remains unchanged, and retraining is required to explore other potential trade-offs. We propose two dynamic auxiliary modules, CBNI and CCNI, which can fine-tune convolutional layers and BN layers, respectively, during the inference phase, so that the trained network can still adjust its emphasis on natural examples, sparse perturbations or dense perturbations. This means our network can achieve an appropriate balance to adapt to the operational environment in situ, without retraining. Furthermore, fully exploring natural capability and robustness limits is a complex and time-consuming problem. Our method can serve as an efficient research tool to examine the achievable trade-offs with just a single training. It is worth mentioning that CCNI is a linear adjustment and CBNI does not directly participate in the inference process. Therefore, both of them don't introduce redundant parameters and inference latency. Experiments indicate that our network can indeed achieve a complex trade-off between accuracy and adversarial robustness, producing performance that is comparable to or even better than existing methods.","PeriodicalId":13135,"journal":{"name":"IEEE Transactions on Emerging Topics in Computational Intelligence","volume":"9 2","pages":"1490-1501"},"PeriodicalIF":5.3000,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Emerging Topics in Computational Intelligence","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10897885/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Adversarial training enhances the robustness of deep networks at the cost of reduced natural accuracy. Moreover, networks fortified struggle to simultaneously defend against both sparse and dense perturbations. Thus, achieving a better trade-off between natural accuracy and robustness against both types of noise remains an open challenge. Many proposed approaches explore solutions based on network architecture optimization. But, in most cases, the additional parameters introduced are static, meaning that once network training is completed, the performance remains unchanged, and retraining is required to explore other potential trade-offs. We propose two dynamic auxiliary modules, CBNI and CCNI, which can fine-tune convolutional layers and BN layers, respectively, during the inference phase, so that the trained network can still adjust its emphasis on natural examples, sparse perturbations or dense perturbations. This means our network can achieve an appropriate balance to adapt to the operational environment in situ, without retraining. Furthermore, fully exploring natural capability and robustness limits is a complex and time-consuming problem. Our method can serve as an efficient research tool to examine the achievable trade-offs with just a single training. It is worth mentioning that CCNI is a linear adjustment and CBNI does not directly participate in the inference process. Therefore, both of them don't introduce redundant parameters and inference latency. Experiments indicate that our network can indeed achieve a complex trade-off between accuracy and adversarial robustness, producing performance that is comparable to or even better than existing methods.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Emerging Topics in Computational Intelligence Mathematics-Control and Optimization

CiteScore

10.30

自引率

7.50%

发文量

147

期刊介绍： The IEEE Transactions on Emerging Topics in Computational Intelligence (TETCI) publishes original articles on emerging aspects of computational intelligence, including theory, applications, and surveys. TETCI is an electronics only publication. TETCI publishes six issues per year. Authors are encouraged to submit manuscripts in any emerging topic in computational intelligence, especially nature-inspired computing topics not covered by other IEEE Computational Intelligence Society journals. A few such illustrative examples are glial cell networks, computational neuroscience, Brain Computer Interface, ambient intelligence, non-fuzzy computing with words, artificial life, cultural learning, artificial endocrine networks, social reasoning, artificial hormone networks, computational intelligence for the IoT and Smart-X technologies.