Boosting Adversarial Training with Learnable Distribution

作     者：Kai Chen Jinwei Wang James Msughter Adeke Guangjie Liu Yuewei Dai 

作者机构：School of Electronics and Information EngineeringNanjing University of Information Science and TechnologyNanjing210044China Key Laboratory of Intelligent Support Technology for Complex EnvironmentsMinistry of EducationNanjing210044China School of Computer and SoftwareNanjing University of Information Science and TechnologyNanjing210044China Nanjing Center for Applied MathematicsNanjing211135China 

出 版 物：《Computers, Materials & Continua》 (计算机、材料和连续体（英文）)

年 卷 期：2024年第78卷第3期

页      面：3247-3265页

核心收录：

学科分类：12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 081104[工学-模式识别与智能系统] 08[工学] 0805[工学-材料科学与工程（可授工学、理学学位）] 0835[工学-软件工程] 0811[工学-控制科学与工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by the National Natural Science Foundation of China(No.U21B2003,62072250,62072250,62172435,U1804263,U20B2065,61872203,71802110,61802212) the National Key R&D Program of China(No.2021QY0700) the Key Laboratory of Intelligent Support Technology for Complex Environments(Nanjing University of Information Science and Technology),Ministry of Education,and the Natural Science Foundation of Jiangsu Province(No.BK20200750) Open Foundation of Henan Key Laboratory of Cyberspace Situation Awareness(No.HNTS2022002) Post Graduate Research&Practice Innvoation Program of Jiangsu Province(No.KYCX200974) Open Project Fund of Shandong Provincial Key Laboratory of Computer Network(No.SDKLCN-2022-05) the Priority Academic Program Development of Jiangsu Higher Education Institutions(PAPD)Fund and Graduate Student Scientific Research Innovation Projects of Jiangsu Province(No.KYCX231359) 

主　　题：Adversarial training feature space learnable distribution distribution centroid 

摘      要：In recent years,various adversarial defense methods have been proposed to improve the robustness of deep neural *** training is one of the most potent methods to defend against adversarial ***,the difference in the feature space between natural and adversarial examples hinders the accuracy and robustness of the model in adversarial *** paper proposes a learnable distribution adversarial training method,aiming to construct the same distribution for training data utilizing the Gaussian mixture *** distribution centroid is built to classify samples and constrain the distribution of the sample *** natural and adversarial examples are pushed to the same distribution centroid to improve the accuracy and robustness of the *** proposed method generates adversarial examples to close the distribution gap between the natural and adversarial examples through an attack algorithm explicitly designed for adversarial *** algorithm gradually increases the accuracy and robustness of the model by scaling ***,the proposed method outputs the predicted labels and the distance between the sample and the distribution *** distribution characteristics of the samples can be utilized to detect adversarial cases that can potentially evade the model *** effectiveness of the proposed method is demonstrated through comprehensive experiments.