{"title":"Disentangling Ensemble Models on Adversarial Generalization in Image Classification","authors":"Chenwei Li, Mengyuan Pan, Bo Yang, Hengwei Zhang","doi":"10.1109/EEI59236.2023.10212535","journal":{"name":"2023 5th International Conference on Electronic Engineering and Informatics (EEI)"},"publicationDate":"2023-06-30","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"0","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/EEI59236.2023.10212535"}
Disentangling Ensemble Models on Adversarial Generalization in Image Classification
Convolutional neural networks are widely used in computer vision and image processing. However, when perturbations imperceptible to humans are added to the original input, these deep network models tend to output incorrect predictions. This vulnerability poses a great threat to intelligent applications, and the resulting perturbed inputs are called adversarial examples. Current baseline methods achieve considerable white-box attack success rates, but black-box success rates remain to be improved. To boost adversarial generalization, the ensemble-model method is introduced into the process of generating adversarial examples. This paper proposes multiple ensemble strategies for baseline attack methods, building on the existing ensemble strategy used by earlier methods. Experiments on the ImageNet dataset empirically verify the optimal ensemble strategy for boosting adversarial generalization.