Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training

Keke Tang; Tianrui Lou; Xu He; Yawen Shi; Peican Zhu; Zhaoquan Gu

doi:10.1007/978-3-031-40283-8_28

Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training

Keke Tang, Tianrui Lou, Xu He, Yawen Shi, Peican Zhu, Zhaoquan Gu

School of Artificial Intelligence, OPtics and Electronics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Adversarial training (AT) is one of the most promising solutions for defending adversarial attacks. By exploiting the adversarial examples generated in the maximization step of AT, a large improvement on the robustness can be brought. However, by analyzing the original natural examples and the corresponding adversarial examples, we observe that a certain part of them are abnormal. In this paper, we propose a novel AT framework called anomaly-aware adversarial training (A ³ T), which utilizes different learning strategies for handling the one normal case and two abnormal cases of generating adversarial examples. Extensive experiments on three publicly available datasets with classifiers in three major network architectures demonstrate that A ³ T is effective in robustifying networks to adversarial attacks in both white/black-box settings and outperforms the state-of-the-art AT methods.

Original language	English
Title of host publication	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
Editors	Zhi Jin, Yuncheng Jiang, Wenjun Ma, Robert Andrei Buchmann, Ana-Maria Ghiran, Yaxin Bi
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	328-342
Number of pages	15
ISBN (Print)	9783031402821
DOIs	https://doi.org/10.1007/978-3-031-40283-8_28
State	Published - 2023
Event	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings - Guangzhou, China Duration: 16 Aug 2023 → 18 Aug 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14117 LNAI
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
Country/Territory	China
City	Guangzhou
Period	16/08/23 → 18/08/23

Keywords

Adversarial attack
Adversarial defense
Adversarial example
Adversarial training
Anomaly

Access to Document

10.1007/978-3-031-40283-8_28

Cite this

Tang, K., Lou, T., He, X., Shi, Y., Zhu, P., & Gu, Z. (2023). Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. In Z. Jin, Y. Jiang, W. Ma, R. A. Buchmann, A.-M. Ghiran, & Y. Bi (Eds.), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings (pp. 328-342). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14117 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-40283-8_28

Tang, Keke ; Lou, Tianrui ; He, Xu et al. / Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. editor / Zhi Jin ; Yuncheng Jiang ; Wenjun Ma ; Robert Andrei Buchmann ; Ana-Maria Ghiran ; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. pp. 328-342 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d189917731644ad3a4e0c08d3ed978ad,

title = "Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training",

abstract = "Adversarial training (AT) is one of the most promising solutions for defending adversarial attacks. By exploiting the adversarial examples generated in the maximization step of AT, a large improvement on the robustness can be brought. However, by analyzing the original natural examples and the corresponding adversarial examples, we observe that a certain part of them are abnormal. In this paper, we propose a novel AT framework called anomaly-aware adversarial training (A 3 T), which utilizes different learning strategies for handling the one normal case and two abnormal cases of generating adversarial examples. Extensive experiments on three publicly available datasets with classifiers in three major network architectures demonstrate that A 3 T is effective in robustifying networks to adversarial attacks in both white/black-box settings and outperforms the state-of-the-art AT methods.",

keywords = "Adversarial attack, Adversarial defense, Adversarial example, Adversarial training, Anomaly",

author = "Keke Tang and Tianrui Lou and Xu He and Yawen Shi and Peican Zhu and Zhaoquan Gu",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings ; Conference date: 16-08-2023 Through 18-08-2023",

year = "2023",

doi = "10.1007/978-3-031-40283-8_28",

language = "英语",

isbn = "9783031402821",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "328--342",

editor = "Zhi Jin and Yuncheng Jiang and Wenjun Ma and Buchmann, {Robert Andrei} and Ana-Maria Ghiran and Yaxin Bi",

booktitle = "Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings",

}

Tang, K, Lou, T, He, X, Shi, Y, Zhu, P & Gu, Z 2023, Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. in Z Jin, Y Jiang, W Ma, RA Buchmann, A-M Ghiran & Y Bi (eds), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14117 LNAI, Springer Science and Business Media Deutschland GmbH, pp. 328-342, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings, Guangzhou, China, 16/08/23. https://doi.org/10.1007/978-3-031-40283-8_28

Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. / Tang, Keke; Lou, Tianrui; He, Xu et al.
Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. ed. / Zhi Jin; Yuncheng Jiang; Wenjun Ma; Robert Andrei Buchmann; Ana-Maria Ghiran; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. p. 328-342 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14117 LNAI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training

AU - Tang, Keke

AU - Lou, Tianrui

AU - He, Xu

AU - Shi, Yawen

AU - Zhu, Peican

AU - Gu, Zhaoquan

PY - 2023

Y1 - 2023

N2 - Adversarial training (AT) is one of the most promising solutions for defending adversarial attacks. By exploiting the adversarial examples generated in the maximization step of AT, a large improvement on the robustness can be brought. However, by analyzing the original natural examples and the corresponding adversarial examples, we observe that a certain part of them are abnormal. In this paper, we propose a novel AT framework called anomaly-aware adversarial training (A 3 T), which utilizes different learning strategies for handling the one normal case and two abnormal cases of generating adversarial examples. Extensive experiments on three publicly available datasets with classifiers in three major network architectures demonstrate that A 3 T is effective in robustifying networks to adversarial attacks in both white/black-box settings and outperforms the state-of-the-art AT methods.

AB - Adversarial training (AT) is one of the most promising solutions for defending adversarial attacks. By exploiting the adversarial examples generated in the maximization step of AT, a large improvement on the robustness can be brought. However, by analyzing the original natural examples and the corresponding adversarial examples, we observe that a certain part of them are abnormal. In this paper, we propose a novel AT framework called anomaly-aware adversarial training (A 3 T), which utilizes different learning strategies for handling the one normal case and two abnormal cases of generating adversarial examples. Extensive experiments on three publicly available datasets with classifiers in three major network architectures demonstrate that A 3 T is effective in robustifying networks to adversarial attacks in both white/black-box settings and outperforms the state-of-the-art AT methods.

KW - Adversarial attack

KW - Adversarial defense

KW - Adversarial example

KW - Adversarial training

KW - Anomaly

UR - http://www.scopus.com/inward/record.url?scp=85172348038&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-40283-8_28

DO - 10.1007/978-3-031-40283-8_28

M3 - 会议稿件

AN - SCOPUS:85172348038

SN - 9783031402821

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 328

EP - 342

BT - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

A2 - Jin, Zhi

A2 - Jiang, Yuncheng

A2 - Ma, Wenjun

A2 - Buchmann, Robert Andrei

A2 - Ghiran, Ana-Maria

A2 - Bi, Yaxin

PB - Springer Science and Business Media Deutschland GmbH

T2 - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

Y2 - 16 August 2023 through 18 August 2023

ER -

Tang K, Lou T, He X, Shi Y, Zhu P, Gu Z. Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. In Jin Z, Jiang Y, Ma W, Buchmann RA, Ghiran AM, Bi Y, editors, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 328-342. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-40283-8_28