Stylized Pairing for Robust Adversarial Defense
Recent studies show that deep neural networks (DNNs)-based object recognition algorithms overly rely on object textures rather than global object shapes, and DNNs are also vulnerable to human-less perceptible adversarial perturbations. Based on these two phenomenons, we conjecture that the preferenc...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-09-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/12/18/9357 |
| _version_ | 1797491410076696576 |
|---|---|
| author | Dejian Guan Wentao Zhao Xiao Liu |
| author_facet | Dejian Guan Wentao Zhao Xiao Liu |
| author_sort | Dejian Guan |
| collection | DOAJ |
| description | Recent studies show that deep neural networks (DNNs)-based object recognition algorithms overly rely on object textures rather than global object shapes, and DNNs are also vulnerable to human-less perceptible adversarial perturbations. Based on these two phenomenons, we conjecture that the preference of DNNs on exploiting object textures for decisions is one of the most important reasons for the existence of adversarial examples. At present, most adversarial defense methods are directly related to adversarial perturbations. In this paper, we propose an adversarial defense method independent of adversarial perturbations, which utilizes a stylized pairing technique to encourage logits for a pair of images and the corresponding stylized image to be similar. With stylized pairing training, DNNs can better learn shape-biased representation. We have empirically evaluated the performance of our method through extensive experiments on CIFAR10, CIFAR100, and ImageNet datasets. Results show that the models with stylized pairing training can significantly improve their performance against adversarial examples. |
| first_indexed | 2024-03-10T00:47:04Z |
| format | Article |
| id | doaj.art-700d362221164cd9a509f633d7cf114f |
| institution | Directory Open Access Journal |
| issn | 2076-3417 |
| language | English |
| last_indexed | 2024-03-10T00:47:04Z |
| publishDate | 2022-09-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj.art-700d362221164cd9a509f633d7cf114f2023-11-23T14:57:18ZengMDPI AGApplied Sciences2076-34172022-09-011218935710.3390/app12189357Stylized Pairing for Robust Adversarial DefenseDejian Guan0Wentao Zhao1Xiao Liu2College of Computer, National University of Defense Technology, Changsha 410000, ChinaCollege of Computer, National University of Defense Technology, Changsha 410000, ChinaCollege of Computer, National University of Defense Technology, Changsha 410000, ChinaRecent studies show that deep neural networks (DNNs)-based object recognition algorithms overly rely on object textures rather than global object shapes, and DNNs are also vulnerable to human-less perceptible adversarial perturbations. Based on these two phenomenons, we conjecture that the preference of DNNs on exploiting object textures for decisions is one of the most important reasons for the existence of adversarial examples. At present, most adversarial defense methods are directly related to adversarial perturbations. In this paper, we propose an adversarial defense method independent of adversarial perturbations, which utilizes a stylized pairing technique to encourage logits for a pair of images and the corresponding stylized image to be similar. With stylized pairing training, DNNs can better learn shape-biased representation. We have empirically evaluated the performance of our method through extensive experiments on CIFAR10, CIFAR100, and ImageNet datasets. Results show that the models with stylized pairing training can significantly improve their performance against adversarial examples.https://www.mdpi.com/2076-3417/12/18/9357stylized pairingrobust optimizationadversarial defensedeep learning |
| spellingShingle | Dejian Guan Wentao Zhao Xiao Liu Stylized Pairing for Robust Adversarial Defense Applied Sciences stylized pairing robust optimization adversarial defense deep learning |
| title | Stylized Pairing for Robust Adversarial Defense |
| title_full | Stylized Pairing for Robust Adversarial Defense |
| title_fullStr | Stylized Pairing for Robust Adversarial Defense |
| title_full_unstemmed | Stylized Pairing for Robust Adversarial Defense |
| title_short | Stylized Pairing for Robust Adversarial Defense |
| title_sort | stylized pairing for robust adversarial defense |
| topic | stylized pairing robust optimization adversarial defense deep learning |
| url | https://www.mdpi.com/2076-3417/12/18/9357 |
| work_keys_str_mv | AT dejianguan stylizedpairingforrobustadversarialdefense AT wentaozhao stylizedpairingforrobustadversarialdefense AT xiaoliu stylizedpairingforrobustadversarialdefense |