One radish, One hole: Specific adversarial training for enhancing neural network’s robustness

Autor: Xiaoming Huang, Guowen Xu, Shuai Yuan, Yun Zhang, Hongwei Li
Rok vydání: 2021
Předmět:
Zdroj: Peer-to-Peer Networking and Applications. 14:2262-2274
ISSN: 1936-6450
1936-6442
Popis: Adversarial training has become one of the most widely used methods to defense the attack of adversarial examples, since its properties of improving the robustness of neural networks. To achieve this, many representative works have been proposed to optimize the hyper-parameters in the adversarial training, so as to obtain the optimal trade-off between model classification accuracy and robustness. However, existing works are still in its infancy, especially in terms of model accuracy and training efficiency. In this paper, we propose Specific Adversarial Training(SAT), a novel framework to solve this challenge. Specifically, SAT improves the process of adversarial training by crafting specific perturbation and label for each data point. With this, these generated samples can close and properly cross the decision boundary meanwhile obtain an ideal label, which performs a positive effects in adversarial training. Experimental results show that our method can achieve 88.62% natural accuracy while the adversarial accuracy also improve from 43.79% to 52.34% in the CIFAR-10 dataset. Meanwhile, we achieve a higher efficiency compared to prior works.
Databáze: OpenAIRE
Externí odkaz: