Smart Media Journal (스마트미디어저널)

THE KOREAN INSTITUTE OF SMART MEDIA (한국스마트미디어학회)
권호 표지
DOI QR코드

DOI QR Code

Adversarial Sample Generation and Training using Neural Network

  • Ho Yub Jung (Chosun University, Dept. of Computer Engineering)
  • Received : 2024.07.29
  • Accepted : 2024.09.20
  • Published : 2024.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

The neural network classifier is known to be susceptible to adversarial attacks, where projected gradient descent-like noise is added to the data, causing misclassification. These attacks can be prevented by min-max training, where the neural network is trained to handle adversarial attack data. Although min-max training is very effective, it requires a large amount of training time because each adversarial attack data generation requires several iterations of gradient back-propagation to produce. In this paper, convolutional layers are used to replace the projected gradient descent-based production of adversarial attack data in an attempt to reduce the training time. By replacing the adversarial noise generation with the output of convolutional layers, the training time becomes comparable to that of a simple neural network classifier with a few additional layers. The proposed approach significantly reduced the effects of smaller-scale adversarial attacks, and under certain circumstances, was shown to be as effective as min-max training. However, for severe attacks, the proposed approach was not able to compete with modern min-max-based remedies.

Keywords

Acknowledgement

This study was supported by research fund from Chosun University, 2023.

References

  1. Szegedy, C. "Intriguing properties of neural networks." arXiv preprint arXiv:1312.6199 (2013). 
  2. Bai, Tao, Jinqi Luo, Jun Zhao, Bihan Wen, and Qian Wang. "Recent advances in adversarial training for adversarial robustness," arXiv preprint arXiv:2102.01356 , 2021. 
  3. Qian, Zhuang, Kaizhu Huang, Qiu-Feng Wang, and Xu-Yao Zhang. "A survey of robust adversarial training in pattern recognition: Fundamental, theory, and methodologies," Pattern Recognition 131, 2022. 
  4. Tsipras, Dimitris, Shibani Santurkar, Logan Engstrom, Alexander Turner, and Aleksander Madry. "Robustness may be at odds with accuracy," arXiv preprint arXiv: 1805.12152 , 2018. 
  5. Madry, Aleksander, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. "Towards deep learning models resistant to adversarial attacks," stat 1050, no. 9, 2017. 
  6. Su, Jiawei, Danilo Vasconcellos Vargas, and Kouichi Sakurai. "One pixel attack for fooling deep neural networks," IEEE Transactions on Evolutionary Computation 23, no. 5, 2019. 
  7. Wang, Zekai, Tianyu Pang, Chao Du, Min Lin, Weiwei Liu, and Shuicheng Yan. "Better diffusion models further improve adversarial training," In International Conference on Machine Learning, pp. 36246-36263. PMLR, 2023. 
  8. Schwinn, Leo, et al. "Exploring misclassifications of robust neural networks to enhance adversarial attacks," Applied Intelligence, vol. 53, 2023. 
  9. https://robustbench.github.io/(accessed Jul., 28, 2024). 
  10. You, Zhonghui, Jinmian Ye, Kunming Li, Zenglin Xu, and Ping Wang. "Adversarial noise layer: Regularize neural network by adding noise." In 2019 IEEE International Conference on Image Processing (ICIP), pp. 909-913. IEEE, 2019. 
  11. Sankaranarayanan, Swami, Arpit Jain, Rama Chellappa, and Ser Nam Lim. "Regularizing deep networks using efficient layerwise adversarial training." In Proceedings of the AAAI Conference on Artificial Intelligence, vol. 32, no. 1, 2018. 
  12. Tramer, Florian, Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh, and Patrick McDaniel, "Ensemble adversarial training: Attacks and defenses," arXiv preprint arXiv:1705.07204, 2017.