Negatively correlated ensemble against transfer adversarial attacks

Yunce ZHAO, Wei HUANG, Wei LIU, Xin YAO*

*Corresponding author for this work

Research output: Journal Publications, Journal Article (refereed), peer-review

Abstract

Deep neural networks (DNNs) have become a popular tool in various fields, but their susceptibility to adversarial attacks poses a significant threat to the security of machine learning systems. Adversarial examples, which are intentionally crafted inputs to deceive a DNN, can easily transfer between different machine learning models, further exacerbating the problem. To address the transfer adversarial vulnerability issue, ensemble methods have been developed to promote diversity among members, thereby impeding the transfer of adversarial examples among them. However, we observed that the diversity among ensemble members tends to diminish rapidly as the magnitude of adversarial perturbations increases. All ensemble members tend to be deceived by the same adversarial example, resulting in poor performance against slightly larger transfer adversarial perturbations. To overcome this challenge, we introduce NCRE (negative correlation robust ensemble) and NCRE (negative correlation robust ensemble on adversarial vulnerabilities) in this work. Our approach leverages the explicit maximization of negative correlation among ensemble member outputs to enhance ensemble diversity and robustness against adversarial perturbations, particularly transfer black-box attacks. Extensive experimental studies and comparisons with state-of-the-art algorithms demonstrate the effectiveness of our approach.
Original language: English
Article number: 111155
Journal: Pattern Recognition
DOIs
Publication status: E-pub ahead of print - 22 Nov 2024
