Robust Training with Feature-Based Adversarial Example

Xuanming Fu; Zhengfeng Yang; Hao Xue; Jianlin Wang; Zhenbing Zeng

doi:10.1109/ICPR56361.2022.9956608

Robust Training with Feature-Based Adversarial Example

Xuanming Fu, Zhengfeng Yang, Hao Xue, Jianlin Wang, Zhenbing Zeng

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Adversarial training is an efficacious defense approach to protect classification model against adversarial attacks. In this paper, we reveal that a significant difference exists between the feature map of the original sample and that of its corresponding adversarial version. Based on this main insight, we propose a novel robust training on feature-based adversarial examples approach called FPAT, where training examples are generated by maximizing the loss function between the clean and the adversarial feature maps. We show via extensive experiments on MNIST, SVHN and CIFAR-10, that our proposed method is as effective as the state-of-the-art robust training methods. Especially, when the adversarial perturbation is of a large radius or the number of adversarial steps of training samples is small, FPAT achieves leading robustness.

Original language	English
Title of host publication	2022 26th International Conference on Pattern Recognition, ICPR 2022
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	2957-2963
Number of pages	7
ISBN (Electronic)	9781665490627
DOIs	https://doi.org/10.1109/ICPR56361.2022.9956608
State	Published - 2022
Event	26th International Conference on Pattern Recognition, ICPR 2022 - Montreal, Canada Duration: 21 Aug 2022 → 25 Aug 2022

Publication series

Name	Proceedings - International Conference on Pattern Recognition
Volume	2022-August
ISSN (Print)	1051-4651

Conference

Conference	26th International Conference on Pattern Recognition, ICPR 2022
Country/Territory	Canada
City	Montreal
Period	21/08/22 → 25/08/22

Access to Document

10.1109/ICPR56361.2022.9956608

Cite this

Fu, X., Yang, Z., Xue, H., Wang, J., & Zeng, Z. (2022). Robust Training with Feature-Based Adversarial Example. In 2022 26th International Conference on Pattern Recognition, ICPR 2022 (pp. 2957-2963). (Proceedings - International Conference on Pattern Recognition; Vol. 2022-August). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICPR56361.2022.9956608

@inproceedings{cf078f76ad784a00aab7808cdcb8d36d,

title = "Robust Training with Feature-Based Adversarial Example",

abstract = "Adversarial training is an efficacious defense approach to protect classification model against adversarial attacks. In this paper, we reveal that a significant difference exists between the feature map of the original sample and that of its corresponding adversarial version. Based on this main insight, we propose a novel robust training on feature-based adversarial examples approach called FPAT, where training examples are generated by maximizing the loss function between the clean and the adversarial feature maps. We show via extensive experiments on MNIST, SVHN and CIFAR-10, that our proposed method is as effective as the state-of-the-art robust training methods. Especially, when the adversarial perturbation is of a large radius or the number of adversarial steps of training samples is small, FPAT achieves leading robustness.",

author = "Xuanming Fu and Zhengfeng Yang and Hao Xue and Jianlin Wang and Zhenbing Zeng",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 26th International Conference on Pattern Recognition, ICPR 2022 ; Conference date: 21-08-2022 Through 25-08-2022",

year = "2022",

doi = "10.1109/ICPR56361.2022.9956608",

language = "英语",

series = "Proceedings - International Conference on Pattern Recognition",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "2957--2963",

booktitle = "2022 26th International Conference on Pattern Recognition, ICPR 2022",

address = "美国",

}

Fu, X, Yang, Z, Xue, H, Wang, J & Zeng, Z 2022, Robust Training with Feature-Based Adversarial Example. in 2022 26th International Conference on Pattern Recognition, ICPR 2022. Proceedings - International Conference on Pattern Recognition, vol. 2022-August, Institute of Electrical and Electronics Engineers Inc., pp. 2957-2963, 26th International Conference on Pattern Recognition, ICPR 2022, Montreal, Canada, 21/08/22. https://doi.org/10.1109/ICPR56361.2022.9956608

Robust Training with Feature-Based Adversarial Example. / Fu, Xuanming; Yang, Zhengfeng; Xue, Hao et al.
2022 26th International Conference on Pattern Recognition, ICPR 2022. Institute of Electrical and Electronics Engineers Inc., 2022. p. 2957-2963 (Proceedings - International Conference on Pattern Recognition; Vol. 2022-August).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Robust Training with Feature-Based Adversarial Example

AU - Fu, Xuanming

AU - Yang, Zhengfeng

AU - Xue, Hao

AU - Wang, Jianlin

AU - Zeng, Zhenbing

PY - 2022

Y1 - 2022

N2 - Adversarial training is an efficacious defense approach to protect classification model against adversarial attacks. In this paper, we reveal that a significant difference exists between the feature map of the original sample and that of its corresponding adversarial version. Based on this main insight, we propose a novel robust training on feature-based adversarial examples approach called FPAT, where training examples are generated by maximizing the loss function between the clean and the adversarial feature maps. We show via extensive experiments on MNIST, SVHN and CIFAR-10, that our proposed method is as effective as the state-of-the-art robust training methods. Especially, when the adversarial perturbation is of a large radius or the number of adversarial steps of training samples is small, FPAT achieves leading robustness.

AB - Adversarial training is an efficacious defense approach to protect classification model against adversarial attacks. In this paper, we reveal that a significant difference exists between the feature map of the original sample and that of its corresponding adversarial version. Based on this main insight, we propose a novel robust training on feature-based adversarial examples approach called FPAT, where training examples are generated by maximizing the loss function between the clean and the adversarial feature maps. We show via extensive experiments on MNIST, SVHN and CIFAR-10, that our proposed method is as effective as the state-of-the-art robust training methods. Especially, when the adversarial perturbation is of a large radius or the number of adversarial steps of training samples is small, FPAT achieves leading robustness.

UR - https://www.scopus.com/pages/publications/85143591538

U2 - 10.1109/ICPR56361.2022.9956608

DO - 10.1109/ICPR56361.2022.9956608

M3 - 会议稿件

AN - SCOPUS:85143591538

T3 - Proceedings - International Conference on Pattern Recognition

SP - 2957

EP - 2963

BT - 2022 26th International Conference on Pattern Recognition, ICPR 2022

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 26th International Conference on Pattern Recognition, ICPR 2022

Y2 - 21 August 2022 through 25 August 2022

ER -

Robust Training with Feature-Based Adversarial Example

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this