An orthogonal classifier for improving the adversarial robustness of neural networks

Cong Xu; Xiang Li; Min Yang

doi:10.1016/j.ins.2022.01.039

An orthogonal classifier for improving the adversarial robustness of neural networks

Cong Xu
, Xiang Li
, Min Yang^*

^*Corresponding author for this work

School of Data Science and Engineering

Yantai University

Research output: Contribution to journal › Article › peer-review

10 Scopus citations

Abstract

Neural networks are susceptible to artificially designed adversarial perturbations. Recent efforts have shown that imposing certain modifications on classification layer can improve the robustness of the neural networks. In this paper, we explicitly construct a dense orthogonal weight matrix whose entries have the same magnitude, thereby leading to a novel robust classifier. The proposed classifier avoids the undesired structural redundancy issue in previous work. Applying this classifier in standard training on clean data is sufficient to ensure the high accuracy and good robustness of the model. Moreover, when extra adversarial samples are used, better robustness can be further obtained with the help of a special worst-case loss. Experimental results show that our method is efficient and competitive to many state-of-the-art defensive approaches. Our code is available at https://github.com/MTandHJ/roboc.

Original language	English
Pages (from-to)	251-262
Number of pages	12
Journal	Information Sciences
Volume	591
DOIs	https://doi.org/10.1016/j.ins.2022.01.039
State	Published - Apr 2022

Keywords

Adversarial robustness
Classification layer
Dense
Orthogonal

Access to Document

10.1016/j.ins.2022.01.039

Cite this

@article{1d16c6a20adf4024b022b852f2a9658a,

title = "An orthogonal classifier for improving the adversarial robustness of neural networks",

abstract = "Neural networks are susceptible to artificially designed adversarial perturbations. Recent efforts have shown that imposing certain modifications on classification layer can improve the robustness of the neural networks. In this paper, we explicitly construct a dense orthogonal weight matrix whose entries have the same magnitude, thereby leading to a novel robust classifier. The proposed classifier avoids the undesired structural redundancy issue in previous work. Applying this classifier in standard training on clean data is sufficient to ensure the high accuracy and good robustness of the model. Moreover, when extra adversarial samples are used, better robustness can be further obtained with the help of a special worst-case loss. Experimental results show that our method is efficient and competitive to many state-of-the-art defensive approaches. Our code is available at https://github.com/MTandHJ/roboc.",

keywords = "Adversarial robustness, Classification layer, Dense, Orthogonal",

author = "Cong Xu and Xiang Li and Min Yang",

note = "Publisher Copyright: {\textcopyright} 2022 Elsevier Inc.",

year = "2022",

month = apr,

doi = "10.1016/j.ins.2022.01.039",

language = "英语",

volume = "591",

pages = "251--262",

journal = "Information Sciences",

issn = "0020-0255",

publisher = "Elsevier Inc.",

}

TY - JOUR

T1 - An orthogonal classifier for improving the adversarial robustness of neural networks

AU - Xu, Cong

AU - Li, Xiang

AU - Yang, Min

PY - 2022/4

Y1 - 2022/4

N2 - Neural networks are susceptible to artificially designed adversarial perturbations. Recent efforts have shown that imposing certain modifications on classification layer can improve the robustness of the neural networks. In this paper, we explicitly construct a dense orthogonal weight matrix whose entries have the same magnitude, thereby leading to a novel robust classifier. The proposed classifier avoids the undesired structural redundancy issue in previous work. Applying this classifier in standard training on clean data is sufficient to ensure the high accuracy and good robustness of the model. Moreover, when extra adversarial samples are used, better robustness can be further obtained with the help of a special worst-case loss. Experimental results show that our method is efficient and competitive to many state-of-the-art defensive approaches. Our code is available at https://github.com/MTandHJ/roboc.

AB - Neural networks are susceptible to artificially designed adversarial perturbations. Recent efforts have shown that imposing certain modifications on classification layer can improve the robustness of the neural networks. In this paper, we explicitly construct a dense orthogonal weight matrix whose entries have the same magnitude, thereby leading to a novel robust classifier. The proposed classifier avoids the undesired structural redundancy issue in previous work. Applying this classifier in standard training on clean data is sufficient to ensure the high accuracy and good robustness of the model. Moreover, when extra adversarial samples are used, better robustness can be further obtained with the help of a special worst-case loss. Experimental results show that our method is efficient and competitive to many state-of-the-art defensive approaches. Our code is available at https://github.com/MTandHJ/roboc.

KW - Adversarial robustness

KW - Classification layer

KW - Dense

KW - Orthogonal

UR - https://www.scopus.com/pages/publications/85123680654

U2 - 10.1016/j.ins.2022.01.039

DO - 10.1016/j.ins.2022.01.039

M3 - 文章

AN - SCOPUS:85123680654

SN - 0020-0255

VL - 591

SP - 251

EP - 262

JO - Information Sciences

JF - Information Sciences

ER -

An orthogonal classifier for improving the adversarial robustness of neural networks

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this