Improving Adversarial Robustness of Deep Neural Networks via Linear Programming

Xiaochao Tang; Zhengfeng Yang; Xuanming Fu; Jianlin Wang; Zhenbing Zeng

doi:10.1007/978-3-031-10363-6_22

Improving Adversarial Robustness of Deep Neural Networks via Linear Programming

Xiaochao Tang
, Zhengfeng Yang^*
, Xuanming Fu
, Jianlin Wang
, Zhenbing Zeng

^*此作品的通讯作者

软件工程学院

East China Normal University
Henan University
Shanghai University

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

Adversarial training provides an effective means to improve the robustness of neural networks against adversarial attacks. The nonlinear feature of neural networks makes it difficult to find good adversarial examples where project gradient descent (PGD) based training is reported to perform best. In this paper, we build an iterative training framework to implement effective robust training. It introduces the Least-Squares based linearization to build a set of affine functions to approximate the nonlinear functions calculating the difference of discriminant values between a specific class and the correct class and solves it using LP solvers by simplex methods. The solutions found by LP solvers turn out to be very close to the real optimum so that our method outperforms PGD based adversarial training, as is shown by extensive experiments on the MNIST and CIFAR-10 datasets. Especially, our methods can provide considerable robust networks on CIFAR-10 against the strong strength attacks, where the other methods get stuck and do not converge.

源语言	英语
主期刊名	Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings
编辑	Yamine Aït-Ameur, Florin Crăciun
出版商	Springer Science and Business Media Deutschland GmbH
页	326-343
页数	18
ISBN（印刷版）	9783031103629
DOI	https://doi.org/10.1007/978-3-031-10363-6_22
出版状态	已出版 - 2022
活动	16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022 - Cluj-Napoca, 罗马尼亚期限: 8 7月 2022 → 10 7月 2022

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	13299 LNCS
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022
国家/地区	罗马尼亚
市	Cluj-Napoca
时期	8/07/22 → 10/07/22

访问文件

10.1007/978-3-031-10363-6_22

其它文件与链接

链接到 Scopus 的出版物

引用此

Tang, X., Yang, Z., Fu, X., Wang, J., & Zeng, Z. (2022). Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. 在 Y. Aït-Ameur, & F. Crăciun (编辑), Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings (页码 326-343). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13299 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-10363-6_22

Tang, Xiaochao ; Yang, Zhengfeng ; Fu, Xuanming 等. / Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings. 编辑 / Yamine Aït-Ameur ; Florin Crăciun. Springer Science and Business Media Deutschland GmbH, 2022. 页码 326-343 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{0b2d342b17ce4a08beed622968b983bb,

title = "Improving Adversarial Robustness of Deep Neural Networks via Linear Programming",

abstract = "Adversarial training provides an effective means to improve the robustness of neural networks against adversarial attacks. The nonlinear feature of neural networks makes it difficult to find good adversarial examples where project gradient descent (PGD) based training is reported to perform best. In this paper, we build an iterative training framework to implement effective robust training. It introduces the Least-Squares based linearization to build a set of affine functions to approximate the nonlinear functions calculating the difference of discriminant values between a specific class and the correct class and solves it using LP solvers by simplex methods. The solutions found by LP solvers turn out to be very close to the real optimum so that our method outperforms PGD based adversarial training, as is shown by extensive experiments on the MNIST and CIFAR-10 datasets. Especially, our methods can provide considerable robust networks on CIFAR-10 against the strong strength attacks, where the other methods get stuck and do not converge.",

keywords = "Adversarial training, Linear programming, PGD, Robust training",

author = "Xiaochao Tang and Zhengfeng Yang and Xuanming Fu and Jianlin Wang and Zhenbing Zeng",

note = "Publisher Copyright: {\textcopyright} 2022, Springer Nature Switzerland AG.; 16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022 ; Conference date: 08-07-2022 Through 10-07-2022",

year = "2022",

doi = "10.1007/978-3-031-10363-6\_22",

language = "英语",

isbn = "9783031103629",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "326--343",

editor = "Yamine A{\"i}t-Ameur and Florin Cr{\u a}ciun",

booktitle = "Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings",

address = "德国",

}

Tang, X, Yang, Z, Fu, X, Wang, J & Zeng, Z 2022, Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. 在 Y Aït-Ameur & F Crăciun (编辑), Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 13299 LNCS, Springer Science and Business Media Deutschland GmbH, 页码 326-343, 16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022, Cluj-Napoca, 罗马尼亚, 8/07/22. https://doi.org/10.1007/978-3-031-10363-6_22

Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. / Tang, Xiaochao; Yang, Zhengfeng; Fu, Xuanming 等.
Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings. 编辑 / Yamine Aït-Ameur; Florin Crăciun. Springer Science and Business Media Deutschland GmbH, 2022. 页码 326-343 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 13299 LNCS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Improving Adversarial Robustness of Deep Neural Networks via Linear Programming

AU - Tang, Xiaochao

AU - Yang, Zhengfeng

AU - Fu, Xuanming

AU - Wang, Jianlin

AU - Zeng, Zhenbing

PY - 2022

Y1 - 2022

N2 - Adversarial training provides an effective means to improve the robustness of neural networks against adversarial attacks. The nonlinear feature of neural networks makes it difficult to find good adversarial examples where project gradient descent (PGD) based training is reported to perform best. In this paper, we build an iterative training framework to implement effective robust training. It introduces the Least-Squares based linearization to build a set of affine functions to approximate the nonlinear functions calculating the difference of discriminant values between a specific class and the correct class and solves it using LP solvers by simplex methods. The solutions found by LP solvers turn out to be very close to the real optimum so that our method outperforms PGD based adversarial training, as is shown by extensive experiments on the MNIST and CIFAR-10 datasets. Especially, our methods can provide considerable robust networks on CIFAR-10 against the strong strength attacks, where the other methods get stuck and do not converge.

AB - Adversarial training provides an effective means to improve the robustness of neural networks against adversarial attacks. The nonlinear feature of neural networks makes it difficult to find good adversarial examples where project gradient descent (PGD) based training is reported to perform best. In this paper, we build an iterative training framework to implement effective robust training. It introduces the Least-Squares based linearization to build a set of affine functions to approximate the nonlinear functions calculating the difference of discriminant values between a specific class and the correct class and solves it using LP solvers by simplex methods. The solutions found by LP solvers turn out to be very close to the real optimum so that our method outperforms PGD based adversarial training, as is shown by extensive experiments on the MNIST and CIFAR-10 datasets. Especially, our methods can provide considerable robust networks on CIFAR-10 against the strong strength attacks, where the other methods get stuck and do not converge.

KW - Adversarial training

KW - Linear programming

KW - PGD

KW - Robust training

UR - https://www.scopus.com/pages/publications/85135064843

U2 - 10.1007/978-3-031-10363-6_22

DO - 10.1007/978-3-031-10363-6_22

M3 - 会议稿件

AN - SCOPUS:85135064843

SN - 9783031103629

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 326

EP - 343

BT - Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings

A2 - Aït-Ameur, Yamine

A2 - Crăciun, Florin

PB - Springer Science and Business Media Deutschland GmbH

T2 - 16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022

Y2 - 8 July 2022 through 10 July 2022

ER -

Tang X, Yang Z, Fu X, Wang J, Zeng Z. Improving Adversarial Robustness of Deep Neural Networks via Linear Programming. 在 Aït-Ameur Y, Crăciun F, 编辑, Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. 页码 326-343. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-10363-6_22

Improving Adversarial Robustness of Deep Neural Networks via Linear Programming

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此