Despite their efficacy on a variety of computer vision tasks, deep neural networks (DNNs) are vulnerable to adversarial attacks, which limits their use in security-critical systems. Recent work has shown that imperceptibly perturbed image inputs (a.k.a. adversarial examples) can be generated to fool well-trained DNN classifiers into making arbitrary predictions. To address this problem, we propose a training recipe named "deep defense". Our core idea is to integrate an adversarial perturbation-based regularizer into the classification objective, so that the obtained models learn to resist potential attacks directly and precisely. The whole optimization problem is solved just like training a recursive network. Experimental results demonstrate that our method outperforms training with adversarial/Parseval regularizations by large margins on various datasets (including MNIST, CIFAR-10 and ImageNet) and different DNN architectures. Code and models for reproducing our results are available at https://github.com/ZiangYan/deepdefense.pytorch.
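The following is an added illustration of the idea stated in the abstract, not code from the paper or from its repository: a 2-D linear classifier, for which the smallest L2 perturbation that crosses the decision boundary has a closed form (the same step DeepFool takes for an affine binary classifier), and a training objective that adds a hinge on that perturbation's norm to the ordinary logistic loss. The toy data set `X`/`Y`, the hinge form of the regularizer, the target radius `rho`, the weight `lam` and the helper names (`objective_and_grad`, `train`, `compare`) are all assumptions made for the demonstration; the paper's own regularizer, its recursive-network formulation and its DNN architectures are not reproduced. Gradient descent is run on the plain loss first and then continued with the regularizer switched on, so the two models can be compared on the smallest perturbation an L2 attacker needs against each.

```python
"""Toy adversarial-perturbation regularizer (added illustration, not the paper's code).

Model: f(x) = w.x + b in 2-D. For a linear classifier the smallest L2
perturbation that reaches the boundary is closed-form, so the regularizer
can be differentiated by hand. Data, hinge form, rho and lam are assumptions.
"""
import numpy as np

# Constructed toy data (not from the paper): one example close to the
# decision boundary plus a cluster far from it, mirrored for class -1.
X = np.array([[1., 0.], [2., 4.], [3., 5.], [2., 5.],
              [-1., 0.], [-2., -4.], [-3., -5.], [-2., -5.]])
Y = np.array([1., 1., 1., 1., -1., -1., -1., -1.])


def logits(w, b, X):
    return np.asarray(X, float) @ np.asarray(w, float) + b


def predict(w, b, X):
    return np.where(logits(w, b, X) >= 0, 1.0, -1.0)


def minimal_perturbation(w, b, x):
    """Smallest L2 perturbation putting x on the boundary: r = -f(x) w / ||w||^2.
    This is exactly the step DeepFool takes for an affine binary classifier."""
    w = np.asarray(w, float)
    return -logits(w, b, x) * w / (w @ w)


def signed_margins(w, b, X, Y):
    """y_i f(x_i) / ||w||: norm of the minimal perturbation for a correctly
    classified example, negative if the example is already misclassified."""
    return np.asarray(Y, float) * logits(w, b, X) / np.linalg.norm(np.asarray(w, float))


def objective_and_grad(w, b, X, Y, lam, rho):
    """Logistic loss + lam * mean(max(0, rho - margin_i)) and its gradient.

    The regularizer charges every example whose minimal adversarial perturbation
    is shorter than the target radius rho, using
    d margin_i/dw = y_i x_i/||w|| - margin_i w/||w||^2,  d margin_i/db = y_i/||w||.
    """
    w, X, Y = (np.asarray(a, float) for a in (w, X, Y))
    n = len(Y)
    z = Y * logits(w, b, X)                     # y_i f(x_i)
    s = 1.0 / (1.0 + np.exp(z))                 # sigma(-y_i f(x_i))
    total = np.mean(np.logaddexp(0.0, -z))      # mean log(1 + exp(-y_i f(x_i)))
    gw = -(s * Y) @ X / n
    gb = -np.sum(s * Y) / n
    if lam > 0.0:
        wn = np.linalg.norm(w)
        if wn == 0.0:
            raise ValueError("margin undefined at w = 0; start from a trained model")
        m = z / wn
        active = (m < rho).astype(float)        # hinge is flat for the others
        total += lam * np.mean(np.maximum(0.0, rho - m))
        dm_dw = Y[:, None] * X / wn - m[:, None] * w[None, :] / wn ** 2
        gw -= lam * (active[:, None] * dm_dw).sum(axis=0) / n
        gb -= lam * np.sum(active * Y / wn) / n
    return float(total), gw, gb


def train(X, Y, lam, rho, steps=500, lr=0.1, w0=(0.0, 0.0), b0=0.0):
    """Plain gradient descent; lam = 0 is ordinary logistic regression."""
    w, b = np.array(w0, dtype=float), float(b0)
    for _ in range(steps):
        _, gw, gb = objective_and_grad(w, b, X, Y, lam, rho)
        w, b = w - lr * gw, b - lr * gb
    return w, b


def gradient_check(w, b, lam, rho, h=1e-6):
    """Largest gap between the analytic gradient and central differences on the
    toy data; only meaningful away from the hinge's kink at margin == rho."""
    w = np.asarray(w, float)
    _, gw, gb = objective_and_grad(w, b, X, Y, lam, rho)

    def J(w_, b_):
        return objective_and_grad(w_, b_, X, Y, lam, rho)[0]

    gaps = [abs((J(w + e, b) - J(w - e, b)) / (2 * h) - gw[i])
            for i, e in enumerate(np.eye(len(w)) * h)]
    gaps.append(abs((J(w, b + h) - J(w, b - h)) / (2 * h) - gb))
    return float(max(gaps))


def min_margin(w, b, X, Y):
    """Smallest minimal-perturbation norm over the data: the L2 budget an
    attacker needs to flip the easiest example."""
    return float(np.min(signed_margins(w, b, X, Y)))


def compare(lam=5.0, rho=1.2, steps=500):
    """Train logistic regression, continue with the regularizer switched on,
    and report accuracy plus the distance of the nearest example to each boundary."""
    w_p, b_p = train(X, Y, lam=0.0, rho=rho, steps=steps)
    w_r, b_r = train(X, Y, lam=lam, rho=rho, steps=steps, w0=w_p, b0=b_p)
    return {
        "accuracy_plain": float(np.mean(predict(w_p, b_p, X) == Y)),
        "accuracy_regularized": float(np.mean(predict(w_r, b_r, X) == Y)),
        "min_margin_plain": min_margin(w_p, b_p, X, Y),
        "min_margin_regularized": min_margin(w_r, b_r, X, Y),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.4f}")
```

On this data the plain logistic model ends with a boundary tilted towards the distant cluster, so the example at (1, 0) sits closer to it than necessary; the regularized continuation rotates the boundary away from that nearest example while keeping every point correctly classified, which is the "learn to resist potential attacks directly" effect the abstract describes, at toy scale. `gradient_check` is there because a hand-derived regularizer gradient is the usual place such code goes wrong. On a real DNN the minimal perturbation has no closed form and is computed iteratively, so the regularizer's gradient has to be propagated back through those iterations rather than through one formula.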
Author Information
Ziang Yan (Automation Department, Tsinghua University)
Yiwen Guo (Intel Labs China)
Changshui Zhang (Tsinghua University)
More from the Same Authors
- 2022 Poster: Synergy-of-Experts: Collaborate to Improve Adversarial Robustness
  Sen Cui · Jingfeng ZHANG · Jian Liang · Bo Han · Masashi Sugiyama · Changshui Zhang
- 2021 Poster: Addressing Algorithmic Disparity and Performance Inconsistency in Federated Learning
  Sen Cui · Weishen Pan · Jian Liang · Changshui Zhang · Fei Wang
- 2021 Poster: ReSSL: Relational Self-Supervised Learning with Weak Augmentation
  Mingkai Zheng · Shan You · Fei Wang · Chen Qian · Changshui Zhang · Xiaogang Wang · Chang Xu
- 2020 Poster: Agree to Disagree: Adaptive Ensemble Knowledge Distillation in Gradient Space
  Shangchen Du · Shan You · Xiaojie Li · Jianlong Wu · Fei Wang · Chen Qian · Changshui Zhang
- 2020 Poster: When Counterpoint Meets Chinese Folk Melodies
  Nan Jiang · Sheng Jin · Zhiyao Duan · Changshui Zhang
- 2019 Poster: Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks
  Yiwen Guo · Ziang Yan · Changshui Zhang
- 2018: Adversarial Vision Challenge: Poster Session
  Yash Sharma · Lars Holdijk · Sascha Saralajew · Ziang Yan · Dmitrii Rashchenko · Iuliia Rashchenko · Jongseong Jang · Jungin Lee · jihyeun Yoon · KYUNGYUL KIM · Florian Laurent · Lukas Schott
- 2018 Poster: Sparse DNNs with Improved Adversarial Robustness
  Yiwen Guo · Chao Zhang · Changshui Zhang · Yurong Chen
- 2018 Poster: Connectionist Temporal Classification with Maximum Entropy Regularization
  Hu Liu · Sheng Jin · Changshui Zhang
- 2018 Spotlight: Connectionist Temporal Classification with Maximum Entropy Regularization
  Hu Liu · Sheng Jin · Changshui Zhang
- 2016 Poster: Dynamic Network Surgery for Efficient DNNs
  Yiwen Guo · Anbang Yao · Yurong Chen
- 2012 Poster: Multi-Stage Multi-Task Feature Learning
  Pinghua Gong · Jieping Ye · Changshui Zhang
- 2012 Spotlight: Multi-Stage Multi-Task Feature Learning
  Pinghua Gong · Jieping Ye · Changshui Zhang
- 2010 Poster: Learning Kernels with Radiuses of Minimum Enclosing Balls
  Kun Gai · Guangyun Chen · Changshui Zhang