Graddiv: Adversarial robustness of randomized neural networks via gradient diversity regularization
- Authors: Lee, Sungyoon; Kim, Hoki; Lee, Jaewook
- Issue Date: Apr-2022
- Publisher: IEEE COMPUTER SOC
- Keywords: Adversarial robustness; defense against adversarial attacks; randomized neural networks; directional analysis
- Citation: IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE, v.45, no.2, pp.2645 - 2651
- Indexed: SCIE; SCOPUS
- Journal Title: IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE
- Volume: 45
- Number: 2
- Start Page: 2645
- End Page: 2651
- URI: https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/188682
- DOI: 10.1109/TPAMI.2022.3169217
- ISSN: 0162-8828
- Abstract: Deep learning is vulnerable to adversarial examples. Many defenses based on randomized neural networks have been proposed to address the problem, but they fail to achieve robustness against attacks that use proxy gradients, such as the Expectation over Transformation (EOT) attack. We investigate the effect of proxy-gradient attacks on randomized neural networks and demonstrate that their effectiveness depends heavily on the directional distribution of the randomized network's loss gradients. In particular, we show that proxy gradients are less effective when the gradients are more scattered. Building on this, we propose Gradient Diversity (GradDiv) regularizations that minimize the concentration of the gradients in order to build a robust randomized neural network. Our experiments on MNIST, CIFAR10, and STL10 show that the proposed GradDiv regularizations improve the adversarial robustness of randomized neural networks against a variety of state-of-the-art attack methods. Moreover, our method efficiently reduces transferability among sample models of randomized neural networks.
- Appears in Collections: Seoul College of Engineering > Seoul Department of Computer Software > 1. Journal Articles