
Guidance Through Surrogate: Toward a Generic Diagnostic Attack

Naseer, Muzammal (author)
Mohamed Bin Zayed Univ Artificial Intelligence, U Arab Emirates; Australian Natl Univ, Australia
Khan, Salman (author)
Mohamed Bin Zayed Univ Artificial Intelligence, U Arab Emirates; Australian Natl Univ, Australia
Porikli, Fatih (author)
Qualcomm, CA 92121 USA
Khan, Fahad (author)
Linköpings universitet, Computer Vision, Faculty of Science and Engineering; Mohamed Bin Zayed Univ Artificial Intelligence, U Arab Emirates
2022
English.
In: IEEE Transactions on Neural Networks and Learning Systems. - : IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC. - 2162-237X .- 2162-2388.
  • Journal article (peer-reviewed)
Abstract
  • Adversarial training (AT) is an effective approach to making deep neural networks robust against adversarial attacks. Recently, different AT defenses have been proposed that not only maintain a high clean accuracy but also show significant robustness against popular and well-studied adversarial attacks, such as projected gradient descent (PGD). High adversarial robustness can also arise if an attack fails to find adversarial gradient directions, a phenomenon known as "gradient masking." In this work, we analyze the effect of label smoothing on AT as one of the potential causes of gradient masking. We then develop a guided mechanism to avoid local minima during attack optimization, leading to a novel attack dubbed guided projected gradient attack (G-PGA). Our attack approach is based on a "match and deceive" loss that finds optimal adversarial directions through guidance from a surrogate model. Our modified attack does not require random restarts, a large number of attack iterations, or a search for optimal step size. Furthermore, our proposed G-PGA is generic; thus, it can be combined with an ensemble attack strategy, as we demonstrate in the case of auto-attack, leading to efficiency and convergence speed improvements. More than an effective attack, G-PGA can be used as a diagnostic tool to reveal elusive robustness due to gradient masking in adversarial defenses.

Subject headings

NATURAL SCIENCES -- Computer and Information Sciences -- Computer Sciences (hsv//eng)

Keywords

Smoothing methods; Robustness; Training; Optimization; Behavioral sciences; Computational modeling; Perturbation methods; Adversarial attack; gradient masking; guided optimization; image classification; label smoothing

Publication and content type

ref (subject category)
art (subject category)
