Towards Defending against Adversarial Examples via Attack-Invariant Features

Cited by: 0
Authors
Zhou, Dawei [1 ,2 ]
Liu, Tongliang [2 ]
Han, Bo [3 ]
Wang, Nannan [1 ]
Peng, Chunlei [4 ]
Gao, Xinbo [5 ]
Affiliations
[1] Xidian Univ, Sch Telecommun Engn, State Key Lab Integrated Serv Networks, Xian, Shaanxi, Peoples R China
[2] Univ Sydney, Sch Comp Sci, Trustworthy Machine Learning Lab, Sydney, NSW, Australia
[3] Hong Kong Baptist Univ, Dept Comp Sci, Hong Kong, Peoples R China
[4] Xidian Univ, State Key Lab Integrated Serv Networks, Sch Cyber Engn, Xian, Shaanxi, Peoples R China
[5] Chongqing Univ Posts & Telecommun, Chongqing Key Lab Image Cognit, Chongqing, Peoples R China
Funding
Australian Research Council; National Natural Science Foundation of China;
Keywords
CORTEX;
DOI
Not available
Chinese Library Classification
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Deep neural networks (DNNs) are vulnerable to adversarial noise. Their adversarial robustness can be improved by training on adversarial examples. However, because attacks continue to evolve, models trained on seen types of adversarial examples generally do not generalize well to unseen types. To address this problem, we propose to remove adversarial noise by learning invariant features that generalize across attacks while preserving the semantic information needed for classification. Specifically, we introduce an adversarial feature learning mechanism that disentangles attack-invariant features from adversarial noise, and we propose a normalization term in the encoded space of the attack-invariant features to address the distribution bias between seen and unseen types of attacks. Empirical evaluations demonstrate that our method provides better protection than previous state-of-the-art approaches, especially against unseen types of attacks and adaptive attacks.
Pages: 11