Improving Adversarial Robustness of Deep Neural Networks via Linear Programming

Xiaochao Tang; Zhengfeng Yang; Xuanming Fu; Jianlin Wang; Zhenbing Zeng

doi:10.1007/978-3-031-10363-6_22

Improving Adversarial Robustness of Deep Neural Networks via Linear Programming

Xiaochao Tang, Zhengfeng Yang^*, Xuanming Fu, Jianlin Wang, Zhenbing Zeng

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Adversarial training provides an effective means to improve the robustness of neural networks against adversarial attacks. The nonlinear feature of neural networks makes it difficult to find good adversarial examples where project gradient descent (PGD) based training is reported to perform best. In this paper, we build an iterative training framework to implement effective robust training. It introduces the Least-Squares based linearization to build a set of affine functions to approximate the nonlinear functions calculating the difference of discriminant values between a specific class and the correct class and solves it using LP solvers by simplex methods. The solutions found by LP solvers turn out to be very close to the real optimum so that our method outperforms PGD based adversarial training, as is shown by extensive experiments on the MNIST and CIFAR-10 datasets. Especially, our methods can provide considerable robust networks on CIFAR-10 against the strong strength attacks, where the other methods get stuck and do not converge.

Original language	English
Title of host publication	Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings
Editors	Yamine Aït-Ameur, Florin Crăciun
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	326-343
Number of pages	18
ISBN (Print)	9783031103629
DOIs	https://doi.org/10.1007/978-3-031-10363-6_22
State	Published - 2022
Event	16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022 - Cluj-Napoca, Romania Duration: 8 Jul 2022 → 10 Jul 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13299 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022
Country/Territory	Romania
City	Cluj-Napoca
Period	8/07/22 → 10/07/22

Keywords

Adversarial training
Linear programming
PGD
Robust training

Access to Document

10.1007/978-3-031-10363-6_22

Cite this

Tang, X., Yang, Z., Fu, X., Wang, J., & Zeng, Z. (2022). Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. In Y. Aït-Ameur, & F. Crăciun (Eds.), Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings (pp. 326-343). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13299 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-10363-6_22

Tang, Xiaochao ; Yang, Zhengfeng ; Fu, Xuanming et al. / Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings. editor / Yamine Aït-Ameur ; Florin Crăciun. Springer Science and Business Media Deutschland GmbH, 2022. pp. 326-343 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{0b2d342b17ce4a08beed622968b983bb,

title = "Improving Adversarial Robustness of Deep Neural Networks via Linear Programming",

abstract = "Adversarial training provides an effective means to improve the robustness of neural networks against adversarial attacks. The nonlinear feature of neural networks makes it difficult to find good adversarial examples where project gradient descent (PGD) based training is reported to perform best. In this paper, we build an iterative training framework to implement effective robust training. It introduces the Least-Squares based linearization to build a set of affine functions to approximate the nonlinear functions calculating the difference of discriminant values between a specific class and the correct class and solves it using LP solvers by simplex methods. The solutions found by LP solvers turn out to be very close to the real optimum so that our method outperforms PGD based adversarial training, as is shown by extensive experiments on the MNIST and CIFAR-10 datasets. Especially, our methods can provide considerable robust networks on CIFAR-10 against the strong strength attacks, where the other methods get stuck and do not converge.",

keywords = "Adversarial training, Linear programming, PGD, Robust training",

author = "Xiaochao Tang and Zhengfeng Yang and Xuanming Fu and Jianlin Wang and Zhenbing Zeng",

note = "Publisher Copyright: {\textcopyright} 2022, Springer Nature Switzerland AG.; 16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022 ; Conference date: 08-07-2022 Through 10-07-2022",

year = "2022",

doi = "10.1007/978-3-031-10363-6\_22",

language = "英语",

isbn = "9783031103629",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "326--343",

editor = "Yamine A{\"i}t-Ameur and Florin Cr{\u a}ciun",

booktitle = "Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings",

address = "德国",

}

Tang, X, Yang, Z, Fu, X, Wang, J & Zeng, Z 2022, Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. in Y Aït-Ameur & F Crăciun (eds), Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13299 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 326-343, 16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022, Cluj-Napoca, Romania, 8/07/22. https://doi.org/10.1007/978-3-031-10363-6_22

Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. / Tang, Xiaochao; Yang, Zhengfeng; Fu, Xuanming et al.
Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings. ed. / Yamine Aït-Ameur; Florin Crăciun. Springer Science and Business Media Deutschland GmbH, 2022. p. 326-343 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13299 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Improving Adversarial Robustness of Deep Neural Networks via Linear Programming

AU - Tang, Xiaochao

AU - Yang, Zhengfeng

AU - Fu, Xuanming

AU - Wang, Jianlin

AU - Zeng, Zhenbing

PY - 2022

Y1 - 2022

N2 - Adversarial training provides an effective means to improve the robustness of neural networks against adversarial attacks. The nonlinear feature of neural networks makes it difficult to find good adversarial examples where project gradient descent (PGD) based training is reported to perform best. In this paper, we build an iterative training framework to implement effective robust training. It introduces the Least-Squares based linearization to build a set of affine functions to approximate the nonlinear functions calculating the difference of discriminant values between a specific class and the correct class and solves it using LP solvers by simplex methods. The solutions found by LP solvers turn out to be very close to the real optimum so that our method outperforms PGD based adversarial training, as is shown by extensive experiments on the MNIST and CIFAR-10 datasets. Especially, our methods can provide considerable robust networks on CIFAR-10 against the strong strength attacks, where the other methods get stuck and do not converge.

AB - Adversarial training provides an effective means to improve the robustness of neural networks against adversarial attacks. The nonlinear feature of neural networks makes it difficult to find good adversarial examples where project gradient descent (PGD) based training is reported to perform best. In this paper, we build an iterative training framework to implement effective robust training. It introduces the Least-Squares based linearization to build a set of affine functions to approximate the nonlinear functions calculating the difference of discriminant values between a specific class and the correct class and solves it using LP solvers by simplex methods. The solutions found by LP solvers turn out to be very close to the real optimum so that our method outperforms PGD based adversarial training, as is shown by extensive experiments on the MNIST and CIFAR-10 datasets. Especially, our methods can provide considerable robust networks on CIFAR-10 against the strong strength attacks, where the other methods get stuck and do not converge.

KW - Adversarial training

KW - Linear programming

KW - PGD

KW - Robust training

UR - https://www.scopus.com/pages/publications/85135064843

U2 - 10.1007/978-3-031-10363-6_22

DO - 10.1007/978-3-031-10363-6_22

M3 - 会议稿件

AN - SCOPUS:85135064843

SN - 9783031103629

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 326

EP - 343

BT - Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings

A2 - Aït-Ameur, Yamine

A2 - Crăciun, Florin

PB - Springer Science and Business Media Deutschland GmbH

T2 - 16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022

Y2 - 8 July 2022 through 10 July 2022

ER -

Tang X, Yang Z, Fu X, Wang J, Zeng Z. Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. In Aït-Ameur Y, Crăciun F, editors, Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 326-343. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-10363-6_22