Cargando…
Regularization Meets Enhanced Multi-Stage Fusion Features: Making CNN More Robust against White-Box Adversarial Attacks
Regularization has become an important method in adversarial defense. However, the existing regularization-based defense methods do not discuss which features in convolutional neural networks (CNN) are more suitable for regularization. Thus, in this paper, we propose a multi-stage feature fusion net...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9324889/ https://www.ncbi.nlm.nih.gov/pubmed/35891112 http://dx.doi.org/10.3390/s22145431 |
| _version_ | 1784756913036066816 |
|---|---|
| author | Zhang, Jiahuan Maeda, Keisuke Ogawa, Takahiro Haseyama, Miki |
| author_facet | Zhang, Jiahuan Maeda, Keisuke Ogawa, Takahiro Haseyama, Miki |
| author_sort | Zhang, Jiahuan |
| collection | PubMed |
| description | Regularization has become an important method in adversarial defense. However, the existing regularization-based defense methods do not discuss which features in convolutional neural networks (CNN) are more suitable for regularization. Thus, in this paper, we propose a multi-stage feature fusion network with a feature regularization operation, which is called Enhanced Multi-Stage Feature Fusion Network (EMSF(2)Net). EMSF(2)Net mainly combines three parts: multi-stage feature enhancement (MSFE), multi-stage feature fusion (MSF(2)), and regularization. Specifically, MSFE aims to obtain enhanced and expressive features in each stage by multiplying the features of each channel; MSF(2) aims to fuse the enhanced features of different stages to further enrich the information of the feature, and the regularization part can regularize the fused and original features during the training process. EMSF(2)Net has proved that if the regularization term of the enhanced multi-stage feature is added, the adversarial robustness of CNN will be significantly improved. The experimental results on extensive white-box attacks on the CIFAR-10 dataset illustrate the robustness and effectiveness of the proposed method. |
| format | Online Article Text |
| id | pubmed-9324889 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-93248892022-07-27 Regularization Meets Enhanced Multi-Stage Fusion Features: Making CNN More Robust against White-Box Adversarial Attacks Zhang, Jiahuan Maeda, Keisuke Ogawa, Takahiro Haseyama, Miki Sensors (Basel) Article Regularization has become an important method in adversarial defense. However, the existing regularization-based defense methods do not discuss which features in convolutional neural networks (CNN) are more suitable for regularization. Thus, in this paper, we propose a multi-stage feature fusion network with a feature regularization operation, which is called Enhanced Multi-Stage Feature Fusion Network (EMSF(2)Net). EMSF(2)Net mainly combines three parts: multi-stage feature enhancement (MSFE), multi-stage feature fusion (MSF(2)), and regularization. Specifically, MSFE aims to obtain enhanced and expressive features in each stage by multiplying the features of each channel; MSF(2) aims to fuse the enhanced features of different stages to further enrich the information of the feature, and the regularization part can regularize the fused and original features during the training process. EMSF(2)Net has proved that if the regularization term of the enhanced multi-stage feature is added, the adversarial robustness of CNN will be significantly improved. The experimental results on extensive white-box attacks on the CIFAR-10 dataset illustrate the robustness and effectiveness of the proposed method. MDPI 2022-07-20 /pmc/articles/PMC9324889/ /pubmed/35891112 http://dx.doi.org/10.3390/s22145431 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Zhang, Jiahuan Maeda, Keisuke Ogawa, Takahiro Haseyama, Miki Regularization Meets Enhanced Multi-Stage Fusion Features: Making CNN More Robust against White-Box Adversarial Attacks |
| title | Regularization Meets Enhanced Multi-Stage Fusion Features: Making CNN More Robust against White-Box Adversarial Attacks |
| title_full | Regularization Meets Enhanced Multi-Stage Fusion Features: Making CNN More Robust against White-Box Adversarial Attacks |
| title_fullStr | Regularization Meets Enhanced Multi-Stage Fusion Features: Making CNN More Robust against White-Box Adversarial Attacks |
| title_full_unstemmed | Regularization Meets Enhanced Multi-Stage Fusion Features: Making CNN More Robust against White-Box Adversarial Attacks |
| title_short | Regularization Meets Enhanced Multi-Stage Fusion Features: Making CNN More Robust against White-Box Adversarial Attacks |
| title_sort | regularization meets enhanced multi-stage fusion features: making cnn more robust against white-box adversarial attacks |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9324889/ https://www.ncbi.nlm.nih.gov/pubmed/35891112 http://dx.doi.org/10.3390/s22145431 |
| work_keys_str_mv | AT zhangjiahuan regularizationmeetsenhancedmultistagefusionfeaturesmakingcnnmorerobustagainstwhiteboxadversarialattacks AT maedakeisuke regularizationmeetsenhancedmultistagefusionfeaturesmakingcnnmorerobustagainstwhiteboxadversarialattacks AT ogawatakahiro regularizationmeetsenhancedmultistagefusionfeaturesmakingcnnmorerobustagainstwhiteboxadversarialattacks AT haseyamamiki regularizationmeetsenhancedmultistagefusionfeaturesmakingcnnmorerobustagainstwhiteboxadversarialattacks |