Adversarial Defense Via Local Flatness Regularization
| Autor: | Jia Xu, Yiming Li, Yong Jiang, Shu-Tao Xia |
|---|---|
| Rok vydání: | 2020 |
| Předmět: |
FOS: Computer and information sciences
Computer Science - Machine Learning Mathematical optimization Computer Science - Cryptography and Security Computer science Local flatness Computer Vision and Pattern Recognition (cs.CV) Computer Science - Computer Vision and Pattern Recognition Linearity 02 engineering and technology 010501 environmental sciences 01 natural sciences Machine Learning (cs.LG) Visualization Adversarial system symbols.namesake Robustness (computer science) 0202 electrical engineering electronic engineering information engineering Taylor series symbols 020201 artificial intelligence & image processing Cryptography and Security (cs.CR) 0105 earth and related environmental sciences |
| Zdroj: | ICIP |
| DOI: | 10.1109/icip40778.2020.9191346 |
| Popis: | Adversarial defense is a popular and important research area. Due to its intrinsic mechanism, one of the most straightforward and effective ways of defending attacks is to analyze the property of loss surface in the input space. In this paper, we define the local flatness of the loss surface as the maximum value of the chosen norm of the gradient regarding to the input within a neighborhood centered on the benign sample, and discuss the relationship between the local flatness and adversarial vulnerability. Based on the analysis, we propose a novel defense approach via regularizing the local flatness, dubbed local flatness regularization (LFR). We also demonstrate the effectiveness of the proposed method from other perspectives, such as human visual mechanism, and analyze the relationship between LFR and other related methods theoretically. Experiments are conducted to verify our theory and demonstrate the superiority of the proposed method. Accepted by the ICIP 2020. The first two authors contributed equally to this work |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|