13th International Conference on Computer and Knowledge Engineering
A large input-space-margin approach for adversarial training
Authors:
Reihaneh Nikouei (1), Mohammad Taheri (2)
1- Department of Computer Science and Engineering, Shiraz University, Shiraz, Iran.
2- Department of Computer Science and Engineering, Shiraz University, Shiraz, Iran.
Keywords:
Adversarial attack, Large margin, Input space, Defense method
Abstract:
It has been shown that machine learning models are vulnerable to adversarial attacks. Therefore, different defense methods, such as adversarial training, have been proposed to improve models' robustness against these attacks. Some recent approaches aim to improve the robustness of models structurally. For example, large-margin methods try to enlarge a margin, empty of instances, along the decision boundaries, which structurally increases the change needed to turn a training instance into an adversarial one. However, nonlinear large-margin models maximize the margin in a high-dimensional feature space, whereas adversarial examples are generated with only a small change in the original input space. In this paper, a novel mixed approach called LIM (Large Input Margin) is proposed to improve the robustness of the model by minimizing both structural and empirical risks. Specifically, both training and adversarial example generation are driven by a loss function that maximizes the margin in the original feature space, even for a nonlinear model. The proposed method is evaluated against FGSM and PGD attacks on the MNIST and CIFAR10 datasets. The experimental results show that the LIM method significantly outperforms state-of-the-art defense methods and improves adversarial robustness against FGSM and PGD attacks on both datasets.