首页|期刊导航|计算机工程与应用|尺度不变的条件数约束的模型鲁棒性增强算法

尺度不变的条件数约束的模型鲁棒性增强算法

徐杨宇高宝元郭杰龙邵东恒魏宪

计算机工程与应用2024，Vol.60Issue(8)：140-147,8.

计算机工程与应用2024，Vol.60Issue(8)：140-147,8.DOI:10.3778/j.issn.1002-8331.2212-0114

尺度不变的条件数约束的模型鲁棒性增强算法

Model Robustness Enhancement Algorithm with Scale Invariant Condition Number Constraint

徐杨宇 ¹高宝元 ²郭杰龙 ³邵东恒 ³魏宪³

作者信息

1. 中国科学院福建物质结构研究所,福州 350002||中国科学院大学,北京 100049
2. 中国科学院福建物质结构研究所,福州 350002||福建师范大学计算机与网络空间安全学院,福州 350117
3. 中国科学院福建物质结构研究所,福州 350002||中国科学院海西研究院泉州装备制造研究中心,福建泉州 362200
折叠

摘要

Abstract

Deep neural networks are vulnerable to adversarial examples,which has been threatening their application in safety-critical scenarios.Based on the explanation that adversarial examples arise from the highly linear behavior of neural networks,a model robustness enhancement algorithm based on scale-invariant condition number constraint is proposed.Firstly,all weight matrices are used to calculate their norms during the adversarial training process,and the scale-invariant constraint term is obtained through the logarithmic function.Secondly,the scale-invariant condition number constraint item is incorporated into the outer framework of adversarial training optimization,and the condition number value of all weight matrices are iteratively reduced through backpropagation,thereby performing linear transfor-mation of the neural network in a well-conditioned high-dimensional weight space,to improve robustness against adver-sarial perturbations.This algorithm is suitable for visual models of both convolution and Transformer architectures.It can not only significantly improve the robust accuracy against white-box attacks such as PGD and AutoAttack,but also effec-tively enhance the adversarial robustness of defending against black-box attack algorithms including square attack.Incor-porating the proposed constraint during adversarial training on Transformer-based image classification model,the condi-tion number value of weight matrices drops by 20.7%on average,the robust accuracy can be increased by 1.16 percentage points when defending against PGD attacks.Compared with similar methods such as Lipschitz constraints,the pro-posed method can also improve the accuracy of clean examples and alleviate the problem of low generalization caused by adversarial training.

关键词

对抗训练/对抗鲁棒性/条件数/尺度不变性/图像分类

Key words

adversarial training/adversarial robustness/condition number/scale-invariance/image classification

分类

信息技术与安全科学

引用本文复制引用

徐杨宇,高宝元,郭杰龙,邵东恒,魏宪..尺度不变的条件数约束的模型鲁棒性增强算法[J].计算机工程与应用,2024,60(8):140-147,8.

基金项目

福建省科技计划项目(2021T3003,2021T3068) （2021T3003,2021T3068）

泉州市科技计划项目(2021C065L). （2021C065L）

计算机工程与应用

OA北大核心CSTPCD

ISSN：1002-8331

访问量0

下载量0

段落导航