Computer Science, 2023, Vol. 50, Issue 10: 362-368. doi: 10.11896/jsjkx.220800090

Section: Information Security

Study on Adversarial Robustness of Deep Learning Models Based on SVD

ZHAO Zitian, ZHAN Wenhan, DUAN Hancong, WU Yue

1. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
• Received: 2022-08-09  Revised: 2022-11-28  Online: 2023-10-10  Published: 2023-10-10
• About author: ZHAO Zitian, born in 1993, Ph.D. His main research interests include AI security and voiceprint recognition. ZHAN Wenhan, born in 1987, Ph.D, senior experimentalist. His main research interests include cloud computing, edge computing, distributed systems and AI.

Abstract: The emergence of adversarial attacks poses a substantial threat to the large-scale deployment of deep neural networks (DNNs) in real-world scenarios, especially in security-related domains. Most current defense methods rest on heuristic assumptions and lack an analysis of model robustness. Improving the robustness of DNNs, and making that robustness interpretable and credible, has become an essential part of the field of artificial intelligence security. This paper proposes to analyze the robustness of a model from the perspective of its singular values. In an adversarial environment, improvements in model robustness are accompanied by a smoother distribution of singular values. Further analysis shows that a smooth singular value distribution means the model draws its classification confidence from more diverse sources and therefore has higher adversarial robustness. Based on this analysis, an adversarial training algorithm based on singular value suppression (SVS) is proposed. Experiments show that the algorithm improves the robustness of the model and achieves accuracies of 55.3% and 54.51% on CIFAR-10 and SVHN respectively when facing the powerful white-box PGD (Projected Gradient Descent) attack, exceeding the most representative adversarial training methods currently available.
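As an added illustration (not code from the paper or its authors), the following pure-Python block computes the singular value spectrum of a small constructed "weight matrix", scores how smooth that spectrum is with a normalised-entropy measure, and applies a simple suppression rule to flatten it. The matrices, the smoothness score and the clip-at-a-cap suppression rule are all assumptions made here for illustration; the abstract does not specify how SVS is implemented, so this is a stand-in, not the paper's algorithm.

```python
"""Singular-value view of a layer's weight matrix: spectrum, smoothness, suppression.
Constructed illustration for this page, in pure Python (no NumPy); not the paper's code.
The suppression rule (clip singular values at a cap and rebuild the matrix) is an
assumed stand-in for the paper's SVS step."""
import math


def jacobi_eigh(A, sweeps=60):
    """Eigen-decomposition of a small symmetric matrix by cyclic Jacobi rotations.
    Returns (eigenvalues, V) with the eigenvectors as the columns of V."""
    n = len(A)
    A = [row[:] for row in A]
    V = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for _ in range(sweeps):
        off = sum(A[i][j] ** 2 for i in range(n) for j in range(n) if i != j)
        if off < 1e-24:
            break
        for p in range(n - 1):
            for q in range(p + 1, n):
                if abs(A[p][q]) < 1e-200:
                    continue
                theta = (A[q][q] - A[p][p]) / (2.0 * A[p][q])
                t = math.copysign(1.0, theta) / (abs(theta) + math.hypot(theta, 1.0))
                c = 1.0 / math.hypot(t, 1.0)
                s = t * c
                for k in range(n):  # A <- A J (rotate columns p, q)
                    akp, akq = A[k][p], A[k][q]
                    A[k][p], A[k][q] = c * akp - s * akq, s * akp + c * akq
                for k in range(n):  # A <- J^T A (rotate rows p, q)
                    apk, aqk = A[p][k], A[q][k]
                    A[p][k], A[q][k] = c * apk - s * aqk, s * apk + c * aqk
                for k in range(n):  # V <- V J (accumulate eigenvectors)
                    vkp, vkq = V[k][p], V[k][q]
                    V[k][p], V[k][q] = c * vkp - s * vkq, s * vkp + c * vkq
    return [A[i][i] for i in range(n)], V


def svd(W):
    """Thin SVD of W (rows >= columns) via the eigen-decomposition of the Gram
    matrix W^T W. Returns singular values in descending order plus the matching
    left (U) and right (V) singular vectors, each as a list of column vectors."""
    m, n = len(W), len(W[0])
    G = [[sum(W[k][i] * W[k][j] for k in range(m)) for j in range(n)] for i in range(n)]
    evals, V = jacobi_eigh(G)
    sig, U, Vc = [], [], []
    for i in sorted(range(n), key=lambda i: -evals[i]):
        s = math.sqrt(max(evals[i], 0.0))
        v = [V[k][i] for k in range(n)]
        Wv = [sum(W[r][k] * v[k] for k in range(n)) for r in range(m)]
        u = [x / s for x in Wv] if s > 1e-12 else [0.0] * m  # u_i = W v_i / s_i
        sig.append(s); U.append(u); Vc.append(v)
    return sig, U, Vc


def spectrum_smoothness(sig):
    """Assumed smoothness score: normalised entropy of the singular-value mass, in
    [0, 1]. 1.0 means every singular value carries equal weight (flat spectrum);
    values near 0 mean one direction dominates the layer's response."""
    total = sum(sig)
    p = [s / total for s in sig if s > 0.0]
    return -sum(x * math.log(x) for x in p) / math.log(len(sig))


def suppress(W, cap):
    """Assumed SVS stand-in: clip every singular value at `cap` and rebuild W
    from its singular vectors, so only the dominant directions are damped."""
    sig, U, Vc = svd(W)
    m, n = len(W), len(W[0])
    out = [[0.0] * n for _ in range(m)]
    for s, u, v in zip(sig, U, Vc):
        s = min(s, cap)
        for r in range(m):
            for k in range(n):
                out[r][k] += s * u[r] * v[k]
    return out


def constructed_weights(d, angle_deg=30.0):
    """Constructed 3x3 'weight matrix' with known singular values d: a z-axis
    rotation whose rows are scaled by d (row scaling of an orthogonal matrix)."""
    c, s = math.cos(math.radians(angle_deg)), math.sin(math.radians(angle_deg))
    R = [[c, -s, 0.0], [s, c, 0.0], [0.0, 0.0, 1.0]]
    return [[d[i] * R[i][j] for j in range(3)] for i in range(3)]


def demo():
    """Compare a spiky and a smooth constructed layer, then suppress the spike."""
    spiky = constructed_weights([5.0, 1.0, 1.0])
    smooth = constructed_weights([2.5, 2.0, 1.5])
    clipped = suppress(spiky, cap=2.0)
    report = {}
    for name, W in (("spiky", spiky), ("smooth", smooth), ("spiky_suppressed", clipped)):
        sig = svd(W)[0]
        report[name] = (sig, spectrum_smoothness(sig))
    return report


if __name__ == "__main__":
    for name, (sig, h) in demo().items():
        print(f"{name:17s} singular values={[round(s, 3) for s in sig]} smoothness={h:.3f}")
```

Running the block prints three spectra: the spiky layer (singular values 5, 1, 1) scores lowest, clipping its top singular value at 2 raises the score most of the way toward the smooth layer (2.5, 2, 1.5), and the rebuilt matrix keeps the other two singular values untouched. The same `svd` and `spectrum_smoothness` calls can be run over each layer's weight matrix of a trained model to compare spectra before and after adversarial training, which is the kind of per-layer evidence the abstract's singular-value analysis relies on.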

Key words: Deep learning, Adversarial defense, Adversarial training, Adversarial robustness, Singular value decomposition

CLC Number: TP391