Enhancing Adversarial Robustness through Stable Adversarial Training
Deep neural network models are vulnerable to attacks from adversarial methods, such as gradient attacks. Even small perturbations can cause significant differences in their predictions. Adversarial training (AT) aims to improve the model’s adversarial robustness against gradient attacks by generating adversarial samples and optimizing the adversarial training objective function of the model. Existing methods mainly focus on improving robust accuracy, balancing natural and robust accuracy and suppressing robust overfitting. They rarely consider the AT problem from the characteristics of deep neural networks themselves, such as the stability properties under certain conditions. From a mathematical perspective, deep neural networks with stable training processes may have a better ability to suppress overfitting, as their training process is smoother and avoids sudden drops in performance. We provide a proof of the existence of Ulam stability for deep neural networks. Ulam stability not only determines the existence of the solution for an operator inequality, but it also provides an error bound between the exact and approximate solutions. The feature subspace of a deep neural network with Ulam stability can be accurately characterized and constrained by a function with special properties and a controlled error boundary constant. This restricted feature subspace leads to a more stable training process. Based on these properties, we propose an adversarial training framework called Ulam stability adversarial training (US-AT). This framework can incorporate different Ulam stability conditions and benchmark AT models, optimize the construction of the optimal feature subspace, and consistently improve the model’s robustness and training stability. US-AT is simple and easy to use, and it can be easily integrated with existing multi-class AT models, such as GradAlign and TRADES. Experimental results show that US-AT methods can consistently improve the robust accuracy and training stability of benchmark models.

