Regularization Meets Enhanced Multi-Stage Fusion Features : Making CNN More Robust against White-Box Adversarial Attacks

Zhang, Jiahuan; Maeda, Keisuke; Ogawa, Takahiro; Haseyama, Miki

doi:10.3390/s22145431


Hokkaido University \| Library \| HUSCAP	Advanced Search		言語

	Home
	About HUSCAP
	Open Access Policy

	Browse by Author

Browse
	Communities & Collections

	Scholarly Journals
	Theses
	Doctoral Dissertations Listed by Graduate Schools
	Conference Procs.
	Events

	HUSCAP Senior (in Japanese)

	Societies

	Downloads (country)

For university staff
	How to post your papers to HUSCAP
	Publication of theses
	Helpline about theses publication

Open Archives Compliant

You can search our collection also at:
	Google
	Google Scholar
	CiNii
	IRDB
	OAIster
	NDLTD

Hokkaido University Collection of Scholarly and Academic Papers >
Graduate School of Information Science and Technology / Faculty of Information Science and Technology >
Peer-reviewed Journal Articles, etc >

Regularization Meets Enhanced Multi-Stage Fusion Features : Making CNN More Robust against White-Box Adversarial Attacks

Files in This Item:

The file(s) associated with this item can be obtained from the following URL: https://doi.org/10.3390/s22145431

Title:	Regularization Meets Enhanced Multi-Stage Fusion Features : Making CNN More Robust against White-Box Adversarial Attacks
Authors:	Zhang, Jiahuan Browse this author
	Maeda, Keisuke Browse this author
	Ogawa, Takahiro Browse this author →KAKEN DB
	Haseyama, Miki Browse this author →KAKEN DB
Keywords:	adversarial defense
	adversarial attack
	feature enhancement
	feature regularization
Issue Date:	20-Jul-2022
Publisher:	MDPI
Journal Title:	Sensors
Volume:	22
Issue:	14
Start Page:	5431
Publisher DOI:	10.3390/s22145431
Abstract:	Regularization has become an important method in adversarial defense. However, the existing regularization-based defense methods do not discuss which features in convolutional neural networks (CNN) are more suitable for regularization. Thus, in this paper, we propose a multi-stage feature fusion network with a feature regularization operation, which is called Enhanced Multi-Stage Feature Fusion Network (EMSF(2)Net). EMSF(2)Net mainly combines three parts: multi-stage feature enhancement (MSFE), multi-stage feature fusion (MSF2), and regularization. Specifically, MSFE aims to obtain enhanced and expressive features in each stage by multiplying the features of each channel; MSF2 aims to fuse the enhanced features of different stages to further enrich the information of the feature, and the regularization part can regularize the fused and original features during the training process. EMSF(2)Net has proved that if the regularization term of the enhanced multi-stage feature is added, the adversarial robustness of CNN will be significantly improved. The experimental results on extensive white-box attacks on the CIFAR-10 dataset illustrate the robustness and effectiveness of the proposed method.
Type:	article
URI:	http://hdl.handle.net/2115/86624
Appears in Collections:	情報科学院・情報科学研究院 (Graduate School of Information Science and Technology / Faculty of Information Science and Technology) > 雑誌発表論文等 (Peer-reviewed Journal Articles, etc)

OAI-PMH ( junii2 , jpcoar_1.0 )

- Hokkaido University