Cognitive data augmentation for adversarial defense via pixel masking
Pattern Recognition Letters ( IF 5.1 ) Pub Date : 2021-02-04 , DOI: 10.1016/j.patrec.2021.01.032
Akshay Agarwal , Mayank Vatsa , Richa Singh , Nalini Ratha

The vulnerability of deep networks towards adversarial perturbations has motivated researchers to design detection and mitigation algorithms. Inspired by the dropout and dropconnect algorithms as well as augmentation techniques, this paper presents “PixelMask” based data augmentation as an efficient method of reducing the sensitivity of convolutional neural networks (CNNs) towards adversarial attacks. In the proposed approach, samples generated using PixelMask are used as augmented data, which helps in learning robust CNN models. Experiments performed with multiple databases and architectures show that the proposed PixelMask based data augmentation approach improves the classification performance on adversarially perturbed images. The proposed defense mechanism can be applied effectively for different adversarial attacks and can easily be combined with any deep neural network (DNN) architecture to increase the robustness. The effectiveness of the proposed defense is demonstrated in gray-box, white-box, and unseen train-test attack scenarios. For example, on the CIFAR-10 database under adaptive attack (i.e., projected gradient descent), the proposed PixelMask is able to improve the recognition performance of CNN by at least 22.69%. Another advantage of the proposed algorithm over several existing defense algorithms is that the proposed defense is able to either retain or increase the classification accuracy of clean examples.




Updated: 2021-04-11