Abstract
Deep neural networks (DNNs) have become a popular tool in many fields, but their susceptibility to adversarial attacks poses a significant threat to the security of machine learning systems. Adversarial examples, inputs intentionally crafted to deceive a DNN, transfer easily between different machine learning models, which exacerbates the problem. To address this transfer adversarial vulnerability, ensemble methods have been developed that promote diversity among ensemble members and thereby impede the transfer of adversarial examples between them. However, we observed that the diversity among ensemble members diminishes rapidly as the magnitude of the adversarial perturbation increases: all members tend to be deceived by the same adversarial example, resulting in poor performance against even slightly larger transfer adversarial perturbations. To overcome this challenge, we introduce NCRE (negative correlation robust ensemble) and NCRE (negative correlation robust ensemble on adversarial vulnerabilities) in this work. Our approach explicitly maximizes the negative correlation among ensemble member outputs to enhance ensemble diversity and robustness against adversarial perturbations, particularly transfer black-box attacks. Extensive experimental studies and comparisons with state-of-the-art algorithms demonstrate the effectiveness of our approach.
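As an added illustration (not the paper's code, which this abstract does not include), the block below uses the classic negative correlation learning penalty of Liu and Yao as a stand-in for the "explicit maximization of negative correlation among ensemble member outputs" described above, together with a shared-failure metric for the observation that all members are fooled by the same example. Whether NCRE uses this exact penalty is an assumption; the member outputs and targets are constructed toy values.

```python
import numpy as np

def ncl_penalty(member_outputs):
    """Negative correlation learning penalty per member (Liu & Yao, 1999):
    p_i = (F_i - F) * sum_{j != i}(F_j - F) = -(F_i - F)^2, where F is the
    ensemble mean. Identical members score 0; disagreement makes it negative,
    so minimising loss_i + lam * p_i pushes members apart (more diversity)."""
    outputs = np.asarray(member_outputs, dtype=float)   # shape (M, N, C)
    deviation = outputs - outputs.mean(axis=0)          # F_i - F
    return (-(deviation ** 2).sum(axis=2).mean(axis=1)).tolist()

def member_losses(member_outputs, targets):
    """Squared-error loss of each member against one-hot targets (N, C)."""
    outputs = np.asarray(member_outputs, dtype=float)
    err = (outputs - np.asarray(targets, dtype=float)) ** 2
    return err.sum(axis=2).mean(axis=1).tolist()

def ncl_loss(member_outputs, targets, lam):
    """Ensemble objective: mean over members of loss_i + lam * p_i.
    lam = 0 trains members independently; lam > 0 rewards negative correlation."""
    losses = np.array(member_losses(member_outputs, targets))
    penalty = np.array(ncl_penalty(member_outputs))
    return float((losses + lam * penalty).mean())

def shared_failure_rate(member_outputs, targets):
    """Fraction of inputs on which every member predicts the wrong class, i.e.
    the 'all members deceived by the same example' failure the abstract describes."""
    preds = np.asarray(member_outputs).argmax(axis=2)   # (M, N) predicted classes
    truth = np.asarray(targets).argmax(axis=1)          # (N,) true classes
    all_wrong = (preds != truth).all(axis=0)
    return float(all_wrong.mean())

# Constructed toy data (assumed, not from the paper): 2 members, 2 inputs, 2 classes.
TARGETS = [[1, 0], [0, 1]]
IDENTICAL = [[[0.9, 0.1], [0.2, 0.8]], [[0.9, 0.1], [0.2, 0.8]]]
DIVERSE = [[[0.9, 0.1], [0.2, 0.8]], [[0.5, 0.5], [0.6, 0.4]]]
FOOLED = [[[0.2, 0.8], [0.1, 0.9]], [[0.3, 0.7], [0.9, 0.1]]]  # both wrong on input 0

if __name__ == "__main__":
    print("penalty, identical members:", ncl_penalty(IDENTICAL))
    print("penalty, diverse members:  ", ncl_penalty(DIVERSE))
    print("loss lam=0 / lam=0.5:", ncl_loss(DIVERSE, TARGETS, 0.0),
          ncl_loss(DIVERSE, TARGETS, 0.5))
    print("shared failure rate:", shared_failure_rate(FOOLED, TARGETS))
```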
Original language | English |
---|---|
Article number | 111155 |
Journal | Pattern Recognition |
DOIs | |
Publication status | E-pub ahead of print - 22 Nov 2024 |