Improving resistance to adversarial deformations by regularizing gradients
[Abstract] Improving the resistance of deep neural networks against adversarial attacks is important for deploying models in realistic applications. Nowadays, most defense methods are designed to resist intensity perturbations, and location perturbations have not yet attracted enough attention. However, these two types should be equally important for deep model security. In this paper, we focus on adversarial deformations, a typical class of location perturbations, and propose a defense method named flow gradient regularization to improve the resistance of models against such attacks. By theoretical analysis, we prove that regularizing flow gradients is able to get a tighter bound than regularizing input gradients. Through verifying over multiple datasets, network architectures, and adversarial deformations, our empirical results indicate that training with flow gradients performs better than training with input gradients by a large margin, and also better than adversarial training. Moreover, the proposed method can be used to combine with adversarial deformation training to improve the resistance further. Our method is now available at https://github.com/xpf/Flow-Gradient-Regularization. (c) 2021 Elsevier B.V. All rights reserved.
[Publication date] 2021-09-30
[Keywords] Adversarial examples; Adversarial deformations; Flow gradient regularization