Toward Enhanced Adversarial Robustness Generalization in Object Detection: Feature Disentangled Domain Adaptation for Adversarial Training

Cited by: 0
Authors
Jung, Yoojin [1]
Song, Byung Cheol [1]
Affiliations
[1] Inha Univ, Dept Elect & Comp Engn, Incheon 22212, South Korea
Source
IEEE ACCESS | 2024 / Vol. 12
Funding
National Research Foundation, Singapore;
Keywords
Feature extraction; Training; Object detection; Detectors; Robustness; Predictive models; Computational modeling; Adaptation models; Overfitting; Deep learning; Adversarial robustness; adversarial training; domain adaptation; feature disentanglement;
DOI
10.1109/ACCESS.2024.3507745
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Recent research has shown that deep learning models are likely to make incorrect predictions even when exposed to minor perturbations. To address this, training models on adversarial examples, particularly through Adversarial Training (AT), has gained traction. However, traditional AT is prone to overfitting to specific attack types and remains vulnerable to other kinds of attacks. To solve this problem, we propose Feature Disentangled Domain Adaptation (FDDA). FDDA enhances the robustness of deep learning models through domain adaptation, separating the features of clean and adversarial images. Additionally, by introducing Feature Recalibration, the proposed method ensures more consistent learning of shared features between the two domains. Experimental results show FDDA's effectiveness against different adversarial attacks compared to traditional methods. By minimizing conflicts between clean and adversarial images, FDDA maximizes clean accuracy, demonstrating its superiority over state-of-the-art approaches.
Pages: 179065 / 179076
Number of pages: 12