Abstract
A human does not have to see all elephants to recognize an animal as an elephant. In contrast, current state-of-the-art deep learning approaches depend heavily on the variety of training samples and the capacity of the network. In practice, the size of the network is always limited and it is impossible to access all data samples. Under these circumstances, deep learning models are extremely fragile to human-imperceptible adversarial examples, which pose threats to all safety-critical systems. Inspired by the association and attention mechanisms of the human brain, we propose a reverse adversarial examples method that can greatly improve models' robustness on unseen data. Experiments show that our reverse adversarial method improves accuracy by 19.02% on average on ResNet18, MobileNet, and VGG16 on unseen data transformations. In addition, the proposed method is applicable to compressed models and shows potential to compensate for the robustness drop caused by model quantization, with an absolute 30.78% accuracy improvement.
URL
https://arxiv.org/abs/1905.12171