{"title":"TDNN: A Tensor Decomposition Adversarial Defense Method Based on Neural Network","authors":"Wei He, Bingbing Song, Ruxin Wang, Wenyu Peng, Shenghong He, Wei Zhou","doi":"10.1109/acait53529.2021.9731274","journal":{"name":"2021 5th Asian Conference on Artificial Intelligence Technology (ACAIT)","volume":"15 1","pages":"0"},"publicationDate":"2021-10-29","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"1","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/acait53529.2021.9731274"}
TDNN: A Tensor Decomposition Adversarial Defense Method Based on Neural Network
In recent years, neural networks have shown strong performance on various tasks. However, neural networks are vulnerable to the carefully designed noise of adversarial examples. Research has found that neural networks are usually robust to common noise but have almost no resistance to the carefully designed, imperceptible perturbations of adversarial examples. To address this, related works have proposed transforming the noise of an adversarial sample into random ordinary noise, which greatly protects the model from adversarial attack. We propose an adversarial defense method based on tensor decomposition, which uses tensor decomposition to decompose and reconstruct the image, retaining the main features of the image and removing the perturbation of adversarial examples. Building on the traditional tensor decomposition method, we further propose the tensor decomposition of neural networks method (TDNN). Compared with traditional tensor decomposition, TDNN has a better defense effect and lower running time. In addition, TDNN can be combined with existing defense methods and does not require extra changes to the model. Rigorous experiments show that TDNN can remove carefully added perturbations and greatly improve the robustness of the model.