{"title":"基于混合架构的进化鲁棒神经架构搜索","authors":"Shangshang Yang;Xiangkun Sun;Ke Xu;Yuanchao Liu;Ye Tian;Xingyi Zhang","doi":"10.1109/TETCI.2024.3400867","DOIUrl":null,"url":null,"abstract":"The robustness of neural networks in image classification is important to resist adversarial attacks. Although many researchers proposed to enhance the network robustness by inventing network training paradigms or designing network architectures, existing approaches are mainly based on a single type of networks, e.g., convolution neural networks (CNNs) or vision Transformer (ViT). Considering a recently revealed fact that CNNs and ViT can effectively defend against adversarial attacks transferred from each other, this paper aims to enhance network robustness by designing robust hybrid architecture networks containing different types of networks. To this end, we propose a hybrid architecture-based evolutionary neural architecture search approach for robust architecture design, termed HA-ENAS. Specifically, to combine or aggregate different types of networks in the same network framework, a multi-stage block-wise hybrid architecture network is first devised as the supernet, where three types of blocks (called convolution blocks, Transformer blocks, multi-layer perception blocks) are further designed as each block's candidate, and thus a hybrid architecture-based search space is established for HA-ENAS; then, the robust hybrid architecture search is formulated as an optimization problem maximizing both clean and adversarial accuracy of architectures, and an efficient multi-objective evolutionary algorithm is employed to solve the problem, where a supernet-based retraining evaluation and a surrogate model are used to mitigate coupled weight influence and reduce the whole search cost. Experimental results show that the hybrid architectures found by the proposed HA-ENAS outperform state-of-the-art single-type architectures in terms of clean accuracy and adversarial accuracy under a variety of common attacks.","PeriodicalId":13135,"journal":{"name":"IEEE Transactions on Emerging Topics in Computational Intelligence","volume":"8 4","pages":"2919-2934"},"PeriodicalIF":5.3000,"publicationDate":"2024-03-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Hybrid Architecture-Based Evolutionary Robust Neural Architecture Search\",\"authors\":\"Shangshang Yang;Xiangkun Sun;Ke Xu;Yuanchao Liu;Ye Tian;Xingyi Zhang\",\"doi\":\"10.1109/TETCI.2024.3400867\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The robustness of neural networks in image classification is important to resist adversarial attacks. Although many researchers proposed to enhance the network robustness by inventing network training paradigms or designing network architectures, existing approaches are mainly based on a single type of networks, e.g., convolution neural networks (CNNs) or vision Transformer (ViT). Considering a recently revealed fact that CNNs and ViT can effectively defend against adversarial attacks transferred from each other, this paper aims to enhance network robustness by designing robust hybrid architecture networks containing different types of networks. To this end, we propose a hybrid architecture-based evolutionary neural architecture search approach for robust architecture design, termed HA-ENAS. Specifically, to combine or aggregate different types of networks in the same network framework, a multi-stage block-wise hybrid architecture network is first devised as the supernet, where three types of blocks (called convolution blocks, Transformer blocks, multi-layer perception blocks) are further designed as each block's candidate, and thus a hybrid architecture-based search space is established for HA-ENAS; then, the robust hybrid architecture search is formulated as an optimization problem maximizing both clean and adversarial accuracy of architectures, and an efficient multi-objective evolutionary algorithm is employed to solve the problem, where a supernet-based retraining evaluation and a surrogate model are used to mitigate coupled weight influence and reduce the whole search cost. Experimental results show that the hybrid architectures found by the proposed HA-ENAS outperform state-of-the-art single-type architectures in terms of clean accuracy and adversarial accuracy under a variety of common attacks.\",\"PeriodicalId\":13135,\"journal\":{\"name\":\"IEEE Transactions on Emerging Topics in Computational Intelligence\",\"volume\":\"8 4\",\"pages\":\"2919-2934\"},\"PeriodicalIF\":5.3000,\"publicationDate\":\"2024-03-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Emerging Topics in Computational Intelligence\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10541069/\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Emerging Topics in Computational Intelligence","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10541069/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 0
摘要
在图像分类中,神经网络的鲁棒性对于抵御恶意攻击非常重要。尽管许多研究人员提出通过发明网络训练范式或设计网络架构来增强网络的鲁棒性,但现有方法主要基于单一类型的网络,如卷积神经网络(CNN)或视觉转换器(ViT)。考虑到最近揭示的一个事实,即 CNN 和 ViT 可以有效抵御相互转移的对抗性攻击,本文旨在通过设计包含不同类型网络的鲁棒混合架构网络来增强网络的鲁棒性。为此,我们提出了一种基于混合架构的鲁棒架构设计进化神经架构搜索方法,称为 HA-ENAS。具体来说,为了在同一网络框架中组合或聚合不同类型的网络,我们首先设计了一个多阶段分块式混合架构网络作为超级网络,并进一步设计了三种类型的分块(称为卷积分块、变换器分块和多层感知分块)作为每个分块的候选,从而为 HA-ENAS 建立了一个基于混合架构的搜索空间;然后,将鲁棒混合架构搜索表述为一个优化问题,使架构的清洁度和对抗精度都最大化,并采用高效的多目标进化算法来解决该问题,其中基于超网的再训练评估和代理模型用于减轻耦合权重的影响并降低整个搜索成本。实验结果表明,在各种常见攻击下,HA-ENAS 所发现的混合架构在净精度和对抗精度方面都优于最先进的单一类型架构。
The robustness of neural networks in image classification is important to resist adversarial attacks. Although many researchers proposed to enhance the network robustness by inventing network training paradigms or designing network architectures, existing approaches are mainly based on a single type of networks, e.g., convolution neural networks (CNNs) or vision Transformer (ViT). Considering a recently revealed fact that CNNs and ViT can effectively defend against adversarial attacks transferred from each other, this paper aims to enhance network robustness by designing robust hybrid architecture networks containing different types of networks. To this end, we propose a hybrid architecture-based evolutionary neural architecture search approach for robust architecture design, termed HA-ENAS. Specifically, to combine or aggregate different types of networks in the same network framework, a multi-stage block-wise hybrid architecture network is first devised as the supernet, where three types of blocks (called convolution blocks, Transformer blocks, multi-layer perception blocks) are further designed as each block's candidate, and thus a hybrid architecture-based search space is established for HA-ENAS; then, the robust hybrid architecture search is formulated as an optimization problem maximizing both clean and adversarial accuracy of architectures, and an efficient multi-objective evolutionary algorithm is employed to solve the problem, where a supernet-based retraining evaluation and a surrogate model are used to mitigate coupled weight influence and reduce the whole search cost. Experimental results show that the hybrid architectures found by the proposed HA-ENAS outperform state-of-the-art single-type architectures in terms of clean accuracy and adversarial accuracy under a variety of common attacks.
期刊介绍:
The IEEE Transactions on Emerging Topics in Computational Intelligence (TETCI) publishes original articles on emerging aspects of computational intelligence, including theory, applications, and surveys.
TETCI is an electronics only publication. TETCI publishes six issues per year.
Authors are encouraged to submit manuscripts in any emerging topic in computational intelligence, especially nature-inspired computing topics not covered by other IEEE Computational Intelligence Society journals. A few such illustrative examples are glial cell networks, computational neuroscience, Brain Computer Interface, ambient intelligence, non-fuzzy computing with words, artificial life, cultural learning, artificial endocrine networks, social reasoning, artificial hormone networks, computational intelligence for the IoT and Smart-X technologies.