Towards Gradient-Based Saliency Consensus Training for Adversarial Robustness
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING(2024)
Jiaotong Univ | Xi An Jiao Tong Univ
Abstract
In recent works, robust networks have consistently exhibited more discriminative saliency map that proves to indicate sufficient adversarial robustness. In existed safe training paradigms e.g., adversarial training, however, the progressive saliency information regarding on what input semantic feature model prediction relies, have not yet been fully-explored. Due to this, we consider the incorporation of posterior saliency properties of robust model in training, as an efficient supervision signal on robust learning. It thus provides an alternative direction to enhance robustness, from the saliency interpretability perspective. In this article, to harden model we propose to optimize the discrimination of intermediate gradient-based saliency and maintain its consensus in training, which encourage model to behave according to task-relevant feature from the salient region such as object edges in image. Then, we introduce Adversarially Gradient-based Saliency Consensus Training method, dubbed Adv-GSCT. Within it, we preserve the similarity between the learned model saliency and the target one as label, approximated in the most offending case representing the least but essential information scenario. Meanwhile, a constructed pseudo-input coupled with feature importance, is feed into model to ensure the discrimination of estimated target saliency. Besides providing a novel insight into adversarial defense, Adv-GSCT differs from the current most effective adversarial training and does not need multiple iterative generations of adversarial perturbation whose computational cost and sensitivity direction of prediction concern. Finally, extensive performance evaluations on MNIST, CIFAR-10 and ImageNet datasets demonstrate the superiority of our proposed method.
MoreTranslated text
Key words
Adversarial robustness,saliency consensus,deep neural networks
求助PDF
上传PDF
View via Publisher
AI Read Science
AI Summary
AI Summary is the key point extracted automatically understanding the full text of the paper, including the background, methods, results, conclusions, icons and other key content, so that you can get the outline of the paper at a glance.
Example
Background
Key content
Introduction
Methods
Results
Related work
Fund
Key content
- Pretraining has recently greatly promoted the development of natural language processing (NLP)
- We show that M6 outperforms the baselines in multimodal downstream tasks, and the large M6 with 10 parameters can reach a better performance
- We propose a method called M6 that is able to process information of multiple modalities and perform both single-modal and cross-modal understanding and generation
- The model is scaled to large model with 10 billion parameters with sophisticated deployment, and the 10 -parameter M6-large is the largest pretrained model in Chinese
- Experimental results show that our proposed M6 outperforms the baseline in a number of downstream tasks concerning both single modality and multiple modalities We will continue the pretraining of extremely large models by increasing data to explore the limit of its performance
Upload PDF to Generate Summary
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Related Papers
Revisiting Gradient Regularization: Inject Robust Saliency-Aware Weight Bias for Adversarial Defense
IEEE Transactions on Information Forensics and Security 2023
被引用1
Data Disclaimer
The page data are from open Internet sources, cooperative publishers and automatic analysis results through AI technology. We do not make any commitments and guarantees for the validity, accuracy, correctness, reliability, completeness and timeliness of the page data. If you have any questions, please contact us by email: report@aminer.cn
Chat Paper
GPU is busy, summary generation fails
Rerequest