Fast adversarial training method based on discrete cosine transform

被引：0

作者：

Wang, Xiaomiao ^{[1
]}

Zhang, Yujin ^{[1
]}

Zhang, Tao ^{[2
]}

Tian, Jin ^{[1
]}

Wu, Fei ^{[1
]}

机构：

[1] School of Electronic and Electrical Engineering, Shanghai University of Engineering Science, Shanghai

[2] School of Computer Science and Engineering, Changshu Institute of Technology, Changshu

来源：

Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science) | 2024年 / 58卷 / 11期

关键词：

adversarial example; discrete cosine transform (DCT); example initialization; fast adversarial training; robustness;

D O I：

10.3785/j.issn.1008-973X.2024.11.004

中图分类号：

学科分类号：

摘要：

A fast adversarial training method based on discrete cosine transform (DCT) was proposed from the perspective of the frequency domain in order to enhance the robustness of deep neural network. An adversarial initialization generation module was introduced, which adaptively generated initialization information based on the system’s robustness, allowing for more accurate capture of image features and effectively avoiding catastrophic overfitting. Random spectral transformations were applied to the samples, transforming them from the spatial domain to the frequency domain, which improved the model’s transferability and generalization ability by controlling spectral saliency. The effectiveness of the proposed method was validated on the CIFAR-10 and CIFAR-100 datasets. The experimental results show that the robust accuracy of the proposed method on CIFAR-10 improved by 2% to 9% compared to existing methods, and improved by 1% to 9% on CIFAR-100 by using ResNet18 as the target network and facing PGD-10 attacks. Similar effects were achieved when facing PGD-20, PGD-50, C&W and other attacks, as well as when applied to more complex model architectures. The proposed method not only avoids catastrophic overfitting but also effectively enhances system robustness. © 2024 Zhejiang University. All rights reserved.

引用

页码：2230 / 2238

页数：8

共 28 条

[1] JIN Xin, ZHUANG Jianjun, XU Ziheng, Lightweight YOLOv5s network-based algorithm for identifying hazardous objects under vehicles [J], Journal of Zhejiang University: Engineering Science, 57, 8, pp. 1516-1526, (2023)
[2] XIONG Fan, CHEN Tian, BIAN Baicheng, Et al., Chip surface character recognition based on convolutional recurrent neural network [J], Journal of Zhejiang University: Engineering Science, 57, 5, pp. 948-956, (2023)
[3] LIU Chunjuan, QIAO Ze, YAN Haowen, Et al., Semantic segmentation network for remote sensing image based on multiscale mutual attention [J], Journal of Zhejiang University: Engineering Science, 57, 7, pp. 1335-1344, (2023)
[4] YANG Changchun, YE Zanting, LIU Banteng, Et al., Medical image segmentation method based on multi-source information fusion [J], Journal of Zhejiang University: Engineering Science, 57, 2, pp. 226-234, (2023)
[5] SONG Xiulan, DONG Zhaohang, SHAN Hangguan, Et al., Vehicle trajectory prediction based on temporal-spatial multihead attention mechanism [J], Journal of Zhejiang University: Engineering Science, 57, 8, pp. 1636-1643, (2023)
[6] SZEGEDY C, ZAREMBA W, SUTSKEVER I, Et al., Intriguing properties of neural networks [C], 2nd International Conference on Learning Representations, (2014)
[7] MADRY A, MAKELOV A, SCHMIDT L, Et al., Towards deep learning models resistant to adversarial attacks [C], International Conference on Learning Representations, (2018)
[8] WANG Y, MA X, BAILEY J, Et al., On the convergence and robustness of adversarial training, International Conference on Machine Learning, pp. 6586-6595, (2019)
[9] GOODFELLOW J, SHLENS J, SZEGEDY C., Explaining and harnessing adversarial examples [C], International Conference on Learning Representation, (2015)
[10] WONG E, RICE L, KOLTER J. Z., Fast is better than free: revisiting adversarial training [C], International Conference on Learning Representations, (2020)

← 1 2 3 →