Title

Robust Deep Learning Models against Semantic-Preserving Adversarial Attack

Author
Corresponding Author: Gao,Dashan
DOI
Publication Years
2023
Conference Name
International Joint Conference on Neural Networks (IJCNN)
ISSN
2161-4393
Source Title
Volume
2023-June
Conference Date
JUN 18-23, 2023
Conference Place
Broadbeach,AUSTRALIA
Publication Place
345 E 47TH ST, NEW YORK, NY 10017 USA
Publisher
Abstract
Deep learning models can be fooled by small lp-norm adversarial perturbations and natural perturbations in terms of attributes. Although the robustness against each perturbation has been explored, it remains a challenge to address the robustness against joint perturbations effectively. In this paper, we study the robustness of deep learning models against joint perturbations by proposing a novel attack mechanism named Semantic-Preserving Adversarial (SPA) attack, which can then be used to enhance adversarial training. Specifically, we introduce an attribute manipulator to generate natural and human-comprehensible perturbations and a noise generator to generate diverse adversarial noises. Based on such combined noises, we optimize both the attribute value and the diversity variable to generate jointly-perturbed samples. For robust training, we adversarially train the deep learning model against the generated joint perturbations. Empirical results on four benchmarks show that the SPA attack causes a larger performance decline with small l∞ norm-ball constraints compared to existing approaches. Furthermore, our SPA-enhanced training outperforms existing defense methods against such joint perturbations.
Keywords
SUSTech Authorship
First ; Corresponding
Language
English
URL[Source Record]
Indexed By
Funding Project
Guangdong Provincial Key Laboratory[2020B121201001] ; National Natural Science Foundation of China[62250710682]
WOS Research Area
Computer Science ; Engineering
WOS Subject
Computer Science, Artificial Intelligence ; Computer Science, Hardware & Architecture ; Engineering, Electrical & Electronic
WOS Accession No
WOS:001046198701035
Scopus EID
2-s2.0-85169592337
Data Source
Scopus
Citation statistics
Cited Times [WOS]:0
Document Type: Conference paper
Identifier: http://kc.sustech.edu.cn/handle/2SGJ60CL/560074
Department: Southern University of Science and Technology
Affiliation
1.Dept. of Cse,SUSTech,Shenzhen,China
2.Dept. of Cse,University of Technology,Sydney,Australia
3.SUSTech,Hkust,Dept. of CSE,Hong Kong
4.Huawei Technologies Co.,Ltd.,Shenzhen,China
First Author Affiliation: Southern University of Science and Technology
Corresponding Author Affiliation: Southern University of Science and Technology
First Author's First Affiliation: Southern University of Science and Technology
Recommended Citation
GB/T 7714
Zhao,Yunce,Gao,Dashan,Yao,Yinghua,et al. Robust Deep Learning Models against Semantic-Preserving Adversarial Attack[C]. 345 E 47TH ST, NEW YORK, NY 10017 USA:IEEE,2023.

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.