0% Complete
Home
/
13th International Conference on Computer and Knowledge Engineering
A large input-space-margin approach for adversarial training
Authors :
Reihaneh Nikouei
1
Mohammad Taheri
2
1- Department of Computer Science and Engineering, Shiraz University, Shiraz, Iran.
2- Department of Computer Science and Engineering, Shiraz University, Shiraz, Iran.
Keywords :
Adversarial attack،Large margin،Input space،Defense method
Abstract :
It is shown that machine learning models are vulnerable to adversarial attacks. Therefore, different defense methods such as adversarial training have been proposed to improve models’ robustness against these attacks. Some recent approaches proposed to structurally improve the robustness of the models. For example, large margin methods try to increase a margin, empty of instances, along decision boundaries that structurally increase necessary change to modify a training instance to an adversarial one. However, nonlinear large-margin models, maximize the margin in a high dimensional space although adversarial examples are generated with a little change in the original space. In this paper, a novel mixed approach is proposed, called LIM (Large Input Margin) to improve the robustness of the model by minimizing both structural and empirical risks. Specifically, both training and adversarial example generation are done based on a loss function to maximize the margin in the original feature space even in a non-linear model. The proposed method is evaluated with FGSM and PGD attacks on MNIST and CIFAR10 datasets. The experimental results show that LIM method outperforms the state-of-the-art defense methods significantly and improves adversarial robustness against FGSM and PGD attacks on both datasets.
Papers List
List of archived papers
Multimodal Deep Learning Framework for PTSD Detection during Sleep via EEG and Biosignal Fusion
Danial Eskandari Faruji - Amir Akhavan Saffar - Mobina Ansari Astaneh
An Energy-efficient Clustering Method based on Butterfly Optimization Algorithm by Considering the Criterion of Intra-cluster Distances in WSNs
Fariba Saghi Hadi S. Aghdasi
Optimization of quantum secret sharing communication using corresponding bits
Mahsa Khorrampanah - Mohammad Bolokian - Monireh Houshmand
A Comprehensive Dataset of Real-scene Images for Text Detection and Recognition in Persian
Iman Souzanchi - Ramin Rahimi - Mohammad Ali Majidi Anvari - Atefeh Baniasadi - Ashkan Sadeghi - Mohammad Reza Mohammadi
Segmentation of Hard Exudates in Retinal Fundus Images Using BCDU-Net
Nafise Ameri - Nasser Shoeibi - Mojtaba Abrishami
Improving LoRaWAN Scalability for IoT Applications using Context Information
Hamed Mahmoudi - Behrouz ShahgholiGhahfarokhi
Depression Diagnosis Using Optimization of Nonlinear EEG Features Based on Parametric Learning Tactics
Ali Asadi Zeidabadi - Melika Changizi - Mahdi Zolfagharzadeh Kermani - Sara Bargi Barkouk
A Language-Independent Approach to Classification of Textual File Fragments: Case Study of Persian, English, and Chinese Languages
Fatemeh Mansouri Hanis - Hamidreza Khoshvaghti - Mehdi Teimouri - Hadi Veisi
Speech Emotion Recognition Using a Hierarchical Adaptive Weighted Multi-Layer Sparse Auto-Encoder Extreme Learning Machine with New Weighting and Spectral/SpectroTemporal Gabor Filter Bank Features
Fatemeh Daneshfar - Seyed Jahanshah Kabudian
A Systematic Embedded Software Design Flow for Robotic Applications
Navid Mahdian - Seyed-Hosein Attarzadeh-Niaki - Armin Salimi-Badr
more
Samin Hamayesh - Version 43.7.0
