Deep Learning algorithms have achieved state-of-the-art performance in various important tasks. However, recent studies have found that an elaborate perturbation may cause a network to misclassify, which is known as an adversarial attack. Based on current research, it is suggested that adversarial examples cannot be eliminated completely. Consequently, it is always possible to determine an attack that is effective against a defense model. We render existing adversarial examples invalid by altering the classification boundaries. Meanwhile, for valid adversarial examples generated against the defense model, the adversarial perturbations are increased so that they can be distinguished by the human eye. This paper proposes a method for implementing the abovementioned concepts through color space transformation. Experiments on CIFAR-10, CIFAR-100, and Mini-ImageNet demonstrate the effectiveness and versatility of our defense method. To the best of our knowledge, this is the first defense model based on the amplification of adversarial perturbations.
DOI: http://dx.doi.org/10.1016/j.neunet.2024.106176
PLoS One, January 2025
School of Electrical Engineering, Zhejiang University, Hangzhou, China.
Adversarial training has become a primary method for enhancing the robustness of deep learning models. In recent years, fast adversarial training methods have gained widespread attention due to their lower computational cost. However, since fast adversarial training uses single-step adversarial attacks instead of multi-step attacks, the generated adversarial examples lack diversity, making models prone to catastrophic overfitting and loss of robustness.
Neural Netw, December 2024
Shanghai University of Traditional Chinese Medicine, No. 530 Lingling Road, Shanghai, 201203, Shanghai, China.
Confronting adversarial attacks and data imbalances, attaining adversarial robustness under long-tailed distribution presents a challenging problem. Adversarial training (AT) is a conventional solution for enhancing adversarial robustness, which generates adversarial examples (AEs) in a generation phase and subsequently trains on these AEs in a training phase. Existing long-tailed adversarial learning methods follow the AT framework and rebalance the AE classification in the training phase.
Neural Netw, December 2024
School of Computer Science and Technology, Xi'an Jiaotong University, Xi'an, China.
Transferable adversarial examples, which are generated by transfer-based attacks, have strong adaptability for attacking a completely unfamiliar victim model without knowing its architecture, parameters, or outputs. While current transfer-based attacks easily defeat the surrogate model with minor perturbations, they struggle to transfer these perturbations to unfamiliar victim models. To characterize these untransferable adversarial examples, which consist of natural examples and perturbations, we define the concept of a fuzzy domain.
Mod Pathol, December 2024
Department of Pathology, University of Pittsburgh Medical Center, PA, USA; Computational Pathology and AI Center of Excellence (CPACE), University of Pittsburgh School of Medicine, Pittsburgh, PA, USA.
This review article builds upon the introductory piece in our seven-part series, delving deeper into the transformative potential of generative artificial intelligence (Gen AI) in pathology and medicine. The article explores the applications of Gen AI models in pathology and medicine, including the use of custom chatbots for diagnostic report generation, synthetic image synthesis for training new models, dataset augmentation, hypothetical scenario generation for educational purposes, and the use of multimodal along with multi-agent models. This article also provides an overview of the common categories within generative AI models, discussing open-source and closed-source models, as well as specific examples of popular models such as GPT-4, Llama, Mistral, DALL-E, Stable Diffusion and their associated frameworks (e.
Data Brief, December 2024
Department of Data Science, ITESM, Monterrey, 64849, México.
Machine learning is central to mainstream technology and outperforms classical approaches to handcrafted feature design. Aside from its learning process for artificial feature extraction, it has an end-to-end paradigm from input to output, reaching outstandingly accurate results. However, security concerns about its robustness to malicious and imperceptible perturbations have drawn attention since humans or machines can change the predictions of programs entirely.