0% Complete
Home
/
13th International Conference on Computer and Knowledge Engineering
A large input-space-margin approach for adversarial training
Authors :
Reihaneh Nikouei
1
Mohammad Taheri
2
1- Department of Computer Science and Engineering, Shiraz University, Shiraz, Iran.
2- Department of Computer Science and Engineering, Shiraz University, Shiraz, Iran.
Keywords :
Adversarial attack،Large margin،Input space،Defense method
Abstract :
It is shown that machine learning models are vulnerable to adversarial attacks. Therefore, different defense methods such as adversarial training have been proposed to improve models’ robustness against these attacks. Some recent approaches proposed to structurally improve the robustness of the models. For example, large margin methods try to increase a margin, empty of instances, along decision boundaries that structurally increase necessary change to modify a training instance to an adversarial one. However, nonlinear large-margin models, maximize the margin in a high dimensional space although adversarial examples are generated with a little change in the original space. In this paper, a novel mixed approach is proposed, called LIM (Large Input Margin) to improve the robustness of the model by minimizing both structural and empirical risks. Specifically, both training and adversarial example generation are done based on a loss function to maximize the margin in the original feature space even in a non-linear model. The proposed method is evaluated with FGSM and PGD attacks on MNIST and CIFAR10 datasets. The experimental results show that LIM method outperforms the state-of-the-art defense methods significantly and improves adversarial robustness against FGSM and PGD attacks on both datasets.
Papers List
List of archived papers
TCAR: Thermal and Congestion-Aware Routing Algorithm in a Partially Connected 3D Network on Chip
Majid Nezarat - Masoomeh Momeni
Optimizing Foreign Exchange Trading Performance Through Reinforcement Machine Learning Framework
Ervin Gubin Moung - Hani Yasmin Binti Murnizam - Maisarah Mohd Sufian - Valentino Liaw - Ali Farzamnia - Lorita Angeline
Enhancing Lighter Neural Network Performance with Layer-wise Knowledge Distillation and Selective Pixel Attention
Siavash Zaravashan - Sajjad Torabi - Hesam Zaravashan
Bridging the Synthetic-to-Real Gap (BSRG): Creating Simulated Datasets for Domain Adaptation to Enhance Vehicle Detection
Behnaz Sadeghigol - Mohammad Ali Keyvanrad
Pruning and Mixed Precision Techniques for Accelerating Neural Network
Mahsa Zahedi - Mohammad Sediq Abazari Bozhgani - Abdorreza Savadi
Classification of benign and malignant tumors in Digital Breast Tomosynthesis images using Radiomic-based methods
Farangis Sajadi moghadam - Saeid Rashidi
An Evolutionary Approach with Surrogate Models for Feature Selection in Intrusion Detection Systems
Sadeq Moradi - Hadi Shahriar Shahhoseini
SUT: a new multi-purpose synthetic dataset for Farsi document image analysis
Elham Shabaninia - Fatemeh sadat Eslami - Ali Afkari Fahandari - Hossein Nezamabadi-pour
Real-time Implementation of Fuzzy Visual Servoing for a Delta Robot via Shape and Color Detection
Nooshin Najafian - Alireza Ashrafi Majd - Abbas Ansaroudi - Sahar Aghazadeh - Manizheh Zakeri - Mohammad-Reza Sayyed Noorani
Driving Violation Detection Using Vehicle Data and Environmental Conditions
Masood Ghasemi - Mahmood Fathy - Mohammad Shahverdy
more
Samin Hamayesh - Version 43.7.0
