计算机应用研究2024,Vol.41Issue(6):1845-1850,6.DOI:10.19734/j.issn.1001-3695.2023.09.0431
基于可学习攻击步长的联合对抗训练方法
Joint adversarial training method based on learnable attack step size
摘要
Abstract
AT is a powerful means to defend against adversarial attacks.However,currently available methods often struggle to strike a balance between training efficiency and adversarial robustness.Some methods increase training efficiency but de-crease adversarial robustness,while others do the opposite.To achieve the best trade-off,this paper proposed a joint adversa-rial training method based on a learnable attack step size(FGSM-LASS).This method included a prediction model and a tar-get model.The prediction model predicted an attack step size for each example,which replaced the fixed-size attack step size using in the FGSM algorithm.Subsequently,the improved FGSM algorithm feeded both the target model parameters and origi-nal examples to generate adversarial examples.Finally,the prediction model and the target model perform joint adversarial training using these adversarial examples.Compared to the five most recent methods,FGSM-LASS was six times faster than LAS-AT,which was the best performing method in terms of robustness,with only 1%decrease in robustness.It was 3%more robust than ATAS,which was comparable in speed.Extensive experimental results fully demonstrate that FGSM-LASS outper-forms current methods in the trade-off between training speed and adversarial robustness.关键词
对抗训练/对抗样本/对抗攻击/预测模型/可学习攻击步长Key words
adversarial training(AT)/adversarial example/adversarial attack/prediction model/learnable attack step size分类
信息技术与安全科学引用本文复制引用
杨时康,柳毅..基于可学习攻击步长的联合对抗训练方法[J].计算机应用研究,2024,41(6):1845-1850,6.基金项目
广东省重点研发项目(2021B0101200002) (2021B0101200002)
