摘要
为了提升深度神经网络的鲁棒性,从频域的角度提出基于离散余弦变换(DCT)的快速对抗训练方法.引入对抗初始化生成模块,根据系统的鲁棒性自适应地生成初始化信息,可以更精准地捕捉到图像特征,有效避免灾难性过拟合.对样本进行随机谱变换,将样本从空间域变换至频谱域,通过控制频谱显著性提高模型的迁移与泛化能力.在CIFAR-10与CIFAR-100数据集上验证提出方法的有效性.实验结果表明,在以ResNet18为目标网络,面对PGD-10攻击时,本文方法在CIFAR-10上的鲁棒精度较现有方法提升了2%~9%,在CIFAR-100上提升了1%~9%.在面对PGD-20、PGD-50、C&W等其他攻击以及架构更复杂的模型时,均取得了类似的效果.提出方法在避免灾难性过拟合现象的同时,有效提高了系统的鲁棒性.
A fast adversarial training method based on discrete cosine transform(DCT)was proposed from the perspective of the frequency domain in order to enhance the robustness of deep neural network.An adversarial initialization generation module was introduced,which adaptively generated initialization information based on the system’s robustness,allowing for more accurate capture of image features and effectively avoiding catastrophic overfitting.Random spectral transformations were applied to the samples,transforming them from the spatial domain to the frequency domain,which improved the model’s transferability and generalization ability by controlling spectral saliency.The effectiveness of the proposed method was validated on the CIFAR-10 and CIFAR-100 datasets.The experimental results show that the robust accuracy of the proposed method on CIFAR-10 improved by 2%to 9%compared to existing methods,and improved by 1%to 9%on CIFAR-100 by using ResNet18 as the target network and facing PGD-10 attacks.Similar effects were achieved when facing PGD-20,PGD-50,C&W and other attacks,as well as when applied to more complex model architectures.The proposed method not only avoids catastrophic overfitting but also effectively enhances system robustness.
作者
王晓淼
张玉金
张涛
田瑾
吴飞
WANG Xiaomiao;ZHANG Yujin;ZHANG Tao;TIAN Jin;WU Fei(School of Electronic and Electrical Engineering,Shanghai University of Engineering Science,Shanghai 201620,China;School of Computer Science and Engineering,Changshu Institute of Technology,Changshu 215500,China)
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2024年第11期2230-2238,共9页
Journal of Zhejiang University:Engineering Science
基金
国家自然科学基金资助项目(62072057)
上海市自然科学基金资助项目(17ZR1411900)
中国高校产学研创新基金资助项目(2021ZYB01003)。
关键词
对抗样本
快速对抗训练
离散余弦变换(DCT)
鲁棒性
样本初始化
adversarial example
fast adversarial training
discrete cosine transform(DCT)
robustness
example initialization
作者简介
王晓淼(1999-),女,硕士生,从事对抗攻防的研究.orcid.org/0009-0003-0561-5610.E-mail:m320121342@sues.edu.cn;通信联系人:张玉金,男,副教授,博士.orcid.org/0000-0003-1225-4334.E-mail:yjzhang@sues.edu.cn。
