Robust Deep Learning Models against Semantic-Preserving Adversarial Attack

Yunce ZHAO, Dashan GAO*, Yinghua YAO, Zeqi ZHANG, Bifei MAO, Xin YAO

*Corresponding author for this work

Research output: Book Chapters | Papers in Conference ProceedingsConference paper (refereed)Researchpeer-review

Abstract

Deep learning models can be fooled by small lp-norm adversarial perturbations and natural perturbations in terms of attributes. Although the robustness against each perturbation has been explored, it remains a challenge to address the robustness against joint perturbations effectively. In this paper, we study the robustness of deep learning models against joint perturbations by proposing a novel attack mechanism named Semantic-Preserving Adversarial (SPA) attack, which can then be used to enhance adversarial training. Specifically, we introduce an attribute manipulator to generate natural and human-comprehensible perturbations and a noise generator to generate diverse adversarial noises. Based on such combined noises, we optimize both the attribute value and the diversity variable to generate jointly-perturbed samples. For robust training, we adversarially train the deep learning model against the generated joint perturbations. Empirical results on four benchmarks show that the SPA attack causes a larger performance decline with small l∞ norm-ball constraints compared to existing approaches. Furthermore, our SPA-enhanced training outperforms existing defense methods against such joint perturbations. © 2023 IEEE.
Original languageEnglish
Title of host publication2023 International Joint Conference on Neural Networks (IJCNN) Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages8
ISBN (Electronic)9781665488679
ISBN (Print)9781665488686
DOIs
Publication statusPublished - 18 Jun 2023
Externally publishedYes
EventInternational Joint Conference on Neural Networks 2023 - Gold Coast Convention and Exhibition Centre, Broadbeach , Australia
Duration: 18 Jun 202323 Jun 2023

Publication series

NameProceedings of ... International Joint Conference on Neural Networks
PublisherIEEE
ISSN (Print)2161-4393
ISSN (Electronic)2161-4407

Conference

ConferenceInternational Joint Conference on Neural Networks 2023
Abbreviated titleIJCNN 2023
Country/TerritoryAustralia
CityBroadbeach
Period18/06/2323/06/23

Bibliographical note

This research was supported by Huawei Technologies Co., Ltd., Research Institute of Trustworthy Autonomous Systems (RITAS), the Guangdong Provincial Key Laboratory (Grant No. 2020B121201001), and National Natural Science Foundation of China (Grant No. 62250710682).

Keywords

  • Adversarial Examples
  • Adversarial Perturbation
  • Natural Perturbation
  • Robustness

Fingerprint

Dive into the research topics of 'Robust Deep Learning Models against Semantic-Preserving Adversarial Attack'. Together they form a unique fingerprint.

Cite this