Toward a Better Tradeoff Between Accuracy and Robustness for Image Classification via Adversarial Feature Diversity
Authors: Wei Xue; Yonghao Wang; Yuchi Wang; Yue Wang; Mingyang Du; Xiao Zheng
Journal: IEEE Journal on Miniaturization for Air and Space Systems, vol. 5, no. 4, pp. 254-264
Published: 2024-09-17 (Journal Article)
DOI: 10.1109/JMASS.2024.3462548
URL: https://ieeexplore.ieee.org/document/10681571/
Deep neural network-based image classification models are vulnerable to adversarial examples, which are meticulously crafted to mislead the model by adding perturbations to clean images. Although adversarial training demonstrates outstanding performance in enhancing model robustness against adversarial examples, it often comes at the expense of accuracy. To address this problem, this article proposes a strategy to achieve a better tradeoff between accuracy and robustness, which mainly consists of symbol perturbations and example mixing. First, we employ a symbol processing approach for randomly generated initial perturbations, which makes the model identify the correct parameter attack direction faster during the training process. Second, we put forward a methodology that utilizes a mixture of different examples to generate more distinct adversarial features. Further, we utilize scaling conditions for tensor feature modulation, enabling the model to achieve both improved accuracy and robustness after learning more diverse adversarial features. Finally, we conduct extensive experiments to show the feasibility and effectiveness of the proposed methods.