
Enhancing Adversarial Robustness through Stable Adversarial Training

Deep neural network models are vulnerable to attacks from adversarial methods, such as gradient attacks. Even small perturbations can cause significant differences in their predictions. Adversarial training (AT) aims to improve the model’s adversarial robustness against gradient attacks by generating adversarial samples and optimizing the adversarial training objective function of the model. Existing methods mainly focus on improving robust accuracy, balancing natural and robust accuracy, and suppressing robust overfitting. They rarely consider the AT problem from the characteristics of deep neural networks themselves, such as their stability properties under certain conditions. From a mathematical perspective, deep neural networks with stable training processes may have a better ability to suppress overfitting, as their training process is smoother and avoids sudden drops in performance. We provide a proof of the existence of Ulam stability for deep neural networks. Ulam stability not only determines the existence of the solution for an operator inequality, but it also provides an error bound between the exact and approximate solutions. The feature subspace of a deep neural network with Ulam stability can be accurately characterized and constrained by a function with special properties and a controlled error boundary constant. This restricted feature subspace leads to a more stable training process. Based on these properties, we propose an adversarial training framework called Ulam stability adversarial training (US-AT). This framework can incorporate different Ulam stability conditions and benchmark AT models, optimize the construction of the optimal feature subspace, and consistently improve the model’s robustness and training stability. US-AT is simple and easy to use, and it can be easily integrated with existing multi-class AT models, such as GradAlign and TRADES. Experimental results show that US-AT methods can consistently improve the robust accuracy and training stability of benchmark models.
