Hokkaido University Collection of Scholarly and Academic Papers >
Graduate School of Information Science and Technology / Faculty of Information Science and Technology >
Peer-reviewed Journal Articles, etc >
Regularization Meets Enhanced Multi-Stage Fusion Features : Making CNN More Robust against White-Box Adversarial Attacks
Title: | Regularization Meets Enhanced Multi-Stage Fusion Features : Making CNN More Robust against White-Box Adversarial Attacks |
Authors: | Zhang, Jiahuan Browse this author | Maeda, Keisuke Browse this author | Ogawa, Takahiro Browse this author →KAKEN DB | Haseyama, Miki Browse this author →KAKEN DB |
Keywords: | adversarial defense | adversarial attack | feature enhancement | feature regularization |
Issue Date: | 20-Jul-2022 |
Publisher: | MDPI |
Journal Title: | Sensors |
Volume: | 22 |
Issue: | 14 |
Start Page: | 5431 |
Publisher DOI: | 10.3390/s22145431 |
Abstract: | Regularization has become an important method in adversarial defense. However, the existing regularization-based defense methods do not discuss which features in convolutional neural networks (CNN) are more suitable for regularization. Thus, in this paper, we propose a multi-stage feature fusion network with a feature regularization operation, which is called Enhanced Multi-Stage Feature Fusion Network (EMSF(2)Net). EMSF(2)Net mainly combines three parts: multi-stage feature enhancement (MSFE), multi-stage feature fusion (MSF2), and regularization. Specifically, MSFE aims to obtain enhanced and expressive features in each stage by multiplying the features of each channel; MSF2 aims to fuse the enhanced features of different stages to further enrich the information of the feature, and the regularization part can regularize the fused and original features during the training process. EMSF(2)Net has proved that if the regularization term of the enhanced multi-stage feature is added, the adversarial robustness of CNN will be significantly improved. The experimental results on extensive white-box attacks on the CIFAR-10 dataset illustrate the robustness and effectiveness of the proposed method. |
Type: | article |
URI: | http://hdl.handle.net/2115/86624 |
Appears in Collections: | 情報科学院・情報科学研究院 (Graduate School of Information Science and Technology / Faculty of Information Science and Technology) > 雑誌発表論文等 (Peer-reviewed Journal Articles, etc)
|
|