Robust Deep Learning Models against Semantic-Preserving Adversarial Attack

Zhao，Yunce1,2; Gao，Dashan3; Yao，Yinghua1,2; Zhang，Zeqi4; Mao，Bifei4; Yao，Xin1

10.1109/IJCNN54540.2023.10191198

2023

International Joint Conference on Neural Networks (IJCNN)

2161-4393

Proceedings of the International Joint Conference on Neural Networks

2023-June

JUN 18-23, 2023

null,Broadbeach,AUSTRALIA

345 E 47TH ST, NEW YORK, NY 10017 USA

IEEE

Deep learning models can be fooled by small lp-norm adversarial perturbations and natural perturbations in terms of attributes. Although the robustness against each perturbation has been explored, it remains a challenge to address the robustness against joint perturbations effectively. In this paper, we study the robustness of deep learning models against joint perturbations by proposing a novel attack mechanism named Semantic-Preserving Adversarial (SPA) attack, which can then be used to enhance adversarial training. Specifically, we introduce an attribute manipulator to generate natural and human-comprehensible perturbations and a noise generator to generate diverse adversarial noises. Based on such combined noises, we optimize both the attribute value and the diversity variable to generate jointly-perturbed samples. For robust training, we adversarially train the deep learning model against the generated joint perturbations. Empirical results on four benchmarks show that the SPA attack causes a larger performance decline with small l∞ norm-ball constraints compared to existing approaches. Furthermore, our SPA-enhanced training outperforms existing defense methods against such joint perturbations.

Adversarial Examples Adversarial Perturbation Natural Perturbation Robustness

第一 ; 通讯

英语

CPCI-S

Guangdong Provincial Key Laboratory[2020B121201001]

Computer Science ; Engineering

Computer Science, Artificial Intelligence ; Computer Science, Hardware & Architecture ; Engineering, Electrical & Electronic

WOS:001046198701035

2-s2.0-85169592337

Scopus

1.Dept. of Cse,SUSTech,Shenzhen,China
2.Dept. of Cse,University of Technology,Sydney,Australia
3.SUSTech,Hkust,Dept. of CSE,Hong Kong
4.Huawei Technologies Co.,Ltd.,Shenzhen,China

Zhao，Yunce,Gao，Dashan,Yao，Yinghua,et al. Robust Deep Learning Models against Semantic-Preserving Adversarial Attack[C]. 345 E 47TH ST, NEW YORK, NY 10017 USA:IEEE,2023.