Towards Defending against Adversarial Examples via Attack-Invariant Features

Cited by: 0
Authors
Zhou, Dawei [1 ,2 ]
Liu, Tongliang [2 ]
Han, Bo [3 ]
Wang, Nannan [1 ]
Peng, Chunlei [4 ]
Gao, Xinbo [5 ]
Affiliations
[1] Xidian Univ, Sch Telecommun Engn, State Key Lab Integrated Serv Networks, Xian, Shaanxi, Peoples R China
[2] Univ Sydney, Sch Comp Sci, Trustworthy Machine Learning Lab, Sydney, NSW, Australia
[3] Hong Kong Baptist Univ, Dept Comp Sci, Hong Kong, Peoples R China
[4] Xidian Univ, State Key Lab Integrated Serv Networks, Sch Cyber Engn, Xian, Shaanxi, Peoples R China
[5] Chongqing Univ Posts & Telecommun, Chongqing Key Lab Image Cognit, Chongqing, Peoples R China
Funding
Australian Research Council; National Natural Science Foundation of China
Keywords
CORTEX;
DOI
Not available
Chinese Library Classification
TP18 [Artificial intelligence theory]
Discipline codes
081104; 0812; 0835; 1405
Abstract
Deep neural networks (DNNs) are vulnerable to adversarial noise. Their adversarial robustness can be improved by exploiting adversarial examples. However, given the continuously evolving attacks, models trained on seen types of adversarial examples generally cannot generalize well to unseen types of adversarial examples. To solve this problem, in this paper we propose to remove adversarial noise by learning generalizable invariant features across attacks that preserve semantic classification information. Specifically, we introduce an adversarial feature learning mechanism to disentangle invariant features from adversarial noise. We further propose a normalization term in the encoded space of the attack-invariant features to address the bias between seen and unseen types of attacks. Empirical evaluations demonstrate that our method provides better protection than previous state-of-the-art approaches, especially against unseen types of attacks and adaptive attacks.
Pages: 11
Related papers (50 in total)
  • [21] Neuron Selecting: Defending Against Adversarial Examples in Deep Neural Networks
    Zhang, Ming
    Li, Hu
    Kuang, Xiaohui
    Pang, Ling
    Wu, Zhendong
    INFORMATION AND COMMUNICATIONS SECURITY (ICICS 2019), 2020, 11999 : 613 - 629
  • [22] MaliFuzz: Adversarial Malware Detection Model for Defending Against Fuzzing Attack
    Xianwei Gao
    Chun Shan
    Changzhen Hu
    Journal of Beijing Institute of Technology, 2024, 33 (05) : 436 - 449
  • [23] MaliFuzz: Adversarial Malware Detection Model for Defending Against Fuzzing Attack
    Gao, Xianwei
    Shan, Chun
    Hu, Changzhen
    Journal of Beijing Institute of Technology (English Edition), 2024, 33 (05): : 436 - 449
  • [24] Conditional Generative Adversarial Network-Based Image Denoising for Defending Against Adversarial Attack
    Zhang, Haibo
    Sakurai, Kouichi
    IEEE ACCESS, 2021, 9 : 169031 - 169043
  • [25] Defending Physical Adversarial Attack on Object Detection via Adversarial Patch-Feature Energy
    Kim, Taeheon
    Yu, Youngjoon
    Ro, Yong Man
    PROCEEDINGS OF THE 30TH ACM INTERNATIONAL CONFERENCE ON MULTIMEDIA, MM 2022, 2022, : 1905 - 1913
  • [26] Boosting the transferability of adversarial examples via stochastic serial attack
    Hao, Lingguang
    Hao, Kuangrong
    Wei, Bing
    Tang, Xue-song
    NEURAL NETWORKS, 2022, 150 : 58 - 67
  • [27] DiffDefense: Defending Against Adversarial Attacks via Diffusion Models
    Silva, Hondamunige Prasanna
    Seidenari, Lorenzo
    Del Bimbo, Alberto
    IMAGE ANALYSIS AND PROCESSING, ICIAP 2023, PT II, 2023, 14234 : 430 - 442
  • [28] Defending Against Adversarial Attacks via Neural Dynamic System
    Li, Xiyuan
    Zou, Xin
    Liu, Weiwei
    ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 35, NEURIPS 2022, 2022,
  • [29] Defending against Whitebox Adversarial Attacks via Randomized Discretization
    Zhang, Yuchen
    Liang, Percy
    22ND INTERNATIONAL CONFERENCE ON ARTIFICIAL INTELLIGENCE AND STATISTICS, VOL 89, 2019, 89 : 684 - 693
  • [30] Defending against Deep-Learning-Based Flow Correlation Attacks with Adversarial Examples
    Zhang, Ziwei
    Ye, Dengpan
    SECURITY AND COMMUNICATION NETWORKS, 2022, 2022