Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training

Keke Tang; Tianrui Lou; Xu He; Yawen Shi; Peican Zhu; Zhaoquan Gu

doi:10.1007/978-3-031-40283-8_28

Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training

Keke Tang, Tianrui Lou, Xu He, Yawen Shi, Peican Zhu, Zhaoquan Gu

光电与智能研究院

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

2 引用（Scopus）

摘要

Adversarial training (AT) is one of the most promising solutions for defending adversarial attacks. By exploiting the adversarial examples generated in the maximization step of AT, a large improvement on the robustness can be brought. However, by analyzing the original natural examples and the corresponding adversarial examples, we observe that a certain part of them are abnormal. In this paper, we propose a novel AT framework called anomaly-aware adversarial training (A ³ T), which utilizes different learning strategies for handling the one normal case and two abnormal cases of generating adversarial examples. Extensive experiments on three publicly available datasets with classifiers in three major network architectures demonstrate that A ³ T is effective in robustifying networks to adversarial attacks in both white/black-box settings and outperforms the state-of-the-art AT methods.

源语言	英语
主期刊名	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
编辑	Zhi Jin, Yuncheng Jiang, Wenjun Ma, Robert Andrei Buchmann, Ana-Maria Ghiran, Yaxin Bi
出版商	Springer Science and Business Media Deutschland GmbH
页	328-342
页数	15
ISBN（印刷版）	9783031402821
DOI	https://doi.org/10.1007/978-3-031-40283-8_28
出版状态	已出版 - 2023
活动	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings - Guangzhou, 中国期限: 16 8月 2023 → 18 8月 2023

出版系列

姓名	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
卷	14117 LNAI
ISSN（印刷版）	0302-9743
ISSN（电子版）	1611-3349

会议

会议	Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings
国家/地区	中国
市	Guangzhou
时期	16/08/23 → 18/08/23

访问文件

10.1007/978-3-031-40283-8_28

其它文件与链接

链接到 Scopus 的出版物

引用此

Tang, K., Lou, T., He, X., Shi, Y., Zhu, P., & Gu, Z. (2023). Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. 在 Z. Jin, Y. Jiang, W. Ma, R. A. Buchmann, A.-M. Ghiran, & Y. Bi (编辑), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings (页码 328-342). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14117 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-40283-8_28

Tang, Keke ; Lou, Tianrui ; He, Xu 等. / Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. 编辑 / Zhi Jin ; Yuncheng Jiang ; Wenjun Ma ; Robert Andrei Buchmann ; Ana-Maria Ghiran ; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. 页码 328-342 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d189917731644ad3a4e0c08d3ed978ad,

title = "Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training",

abstract = "Adversarial training (AT) is one of the most promising solutions for defending adversarial attacks. By exploiting the adversarial examples generated in the maximization step of AT, a large improvement on the robustness can be brought. However, by analyzing the original natural examples and the corresponding adversarial examples, we observe that a certain part of them are abnormal. In this paper, we propose a novel AT framework called anomaly-aware adversarial training (A 3 T), which utilizes different learning strategies for handling the one normal case and two abnormal cases of generating adversarial examples. Extensive experiments on three publicly available datasets with classifiers in three major network architectures demonstrate that A 3 T is effective in robustifying networks to adversarial attacks in both white/black-box settings and outperforms the state-of-the-art AT methods.",

keywords = "Adversarial attack, Adversarial defense, Adversarial example, Adversarial training, Anomaly",

author = "Keke Tang and Tianrui Lou and Xu He and Yawen Shi and Peican Zhu and Zhaoquan Gu",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings ; Conference date: 16-08-2023 Through 18-08-2023",

year = "2023",

doi = "10.1007/978-3-031-40283-8_28",

language = "英语",

isbn = "9783031402821",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "328--342",

editor = "Zhi Jin and Yuncheng Jiang and Wenjun Ma and Buchmann, {Robert Andrei} and Ana-Maria Ghiran and Yaxin Bi",

booktitle = "Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings",

}

Tang, K, Lou, T, He, X, Shi, Y, Zhu, P & Gu, Z 2023, Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. 在 Z Jin, Y Jiang, W Ma, RA Buchmann, A-M Ghiran & Y Bi (编辑), Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 卷 14117 LNAI, Springer Science and Business Media Deutschland GmbH, 页码 328-342, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings, Guangzhou, 中国, 16/08/23. https://doi.org/10.1007/978-3-031-40283-8_28

Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. / Tang, Keke; Lou, Tianrui; He, Xu 等.
Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. 编辑 / Zhi Jin; Yuncheng Jiang; Wenjun Ma; Robert Andrei Buchmann; Ana-Maria Ghiran; Yaxin Bi. Springer Science and Business Media Deutschland GmbH, 2023. 页码 328-342 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); 卷 14117 LNAI).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training

AU - Tang, Keke

AU - Lou, Tianrui

AU - He, Xu

AU - Shi, Yawen

AU - Zhu, Peican

AU - Gu, Zhaoquan

PY - 2023

Y1 - 2023

N2 - Adversarial training (AT) is one of the most promising solutions for defending adversarial attacks. By exploiting the adversarial examples generated in the maximization step of AT, a large improvement on the robustness can be brought. However, by analyzing the original natural examples and the corresponding adversarial examples, we observe that a certain part of them are abnormal. In this paper, we propose a novel AT framework called anomaly-aware adversarial training (A 3 T), which utilizes different learning strategies for handling the one normal case and two abnormal cases of generating adversarial examples. Extensive experiments on three publicly available datasets with classifiers in three major network architectures demonstrate that A 3 T is effective in robustifying networks to adversarial attacks in both white/black-box settings and outperforms the state-of-the-art AT methods.

AB - Adversarial training (AT) is one of the most promising solutions for defending adversarial attacks. By exploiting the adversarial examples generated in the maximization step of AT, a large improvement on the robustness can be brought. However, by analyzing the original natural examples and the corresponding adversarial examples, we observe that a certain part of them are abnormal. In this paper, we propose a novel AT framework called anomaly-aware adversarial training (A 3 T), which utilizes different learning strategies for handling the one normal case and two abnormal cases of generating adversarial examples. Extensive experiments on three publicly available datasets with classifiers in three major network architectures demonstrate that A 3 T is effective in robustifying networks to adversarial attacks in both white/black-box settings and outperforms the state-of-the-art AT methods.

KW - Adversarial attack

KW - Adversarial defense

KW - Adversarial example

KW - Adversarial training

KW - Anomaly

UR - http://www.scopus.com/inward/record.url?scp=85172348038&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-40283-8_28

DO - 10.1007/978-3-031-40283-8_28

M3 - 会议稿件

AN - SCOPUS:85172348038

SN - 9783031402821

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 328

EP - 342

BT - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

A2 - Jin, Zhi

A2 - Jiang, Yuncheng

A2 - Ma, Wenjun

A2 - Buchmann, Robert Andrei

A2 - Ghiran, Ana-Maria

A2 - Bi, Yaxin

PB - Springer Science and Business Media Deutschland GmbH

T2 - Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings

Y2 - 16 August 2023 through 18 August 2023

ER -

Tang K, Lou T, He X, Shi Y, Zhu P, Gu Z. Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training. 在 Jin Z, Jiang Y, Ma W, Buchmann RA, Ghiran AM, Bi Y, 编辑, Knowledge Science, Engineering and Management - 16th International Conference, KSEM 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. 页码 328-342. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-40283-8_28

Enhancing Adversarial Robustness via Anomaly-aware Adversarial Training

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此