Adversarial Defence by Diversified Simultaneous Training of Deep Ensembles

Bo Huang; Zhiwei Ke; Yi Wang; Wei Wang; Linlin Shen; Feng Liu

Adversarial Defence by Diversified Simultaneous Training of Deep Ensembles

Bo Huang, Zhiwei Ke, Yi Wang, Wei Wang, Linlin Shen, Feng Liu

School of Computer Science

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

9 Citations (Scopus)

Abstract

Learning-based classifiers are susceptible to adversarial examples. Existing defence methods are mostly devised on individual classifiers. Recent studies showed that it is viable to increase adversarial robustness by promoting diversity over an ensemble of models. In this paper, we propose adversarial defence by encouraging ensemble diversity on learning high-level feature representations and gradient dispersion in simultaneous training of deep ensemble networks. We perform extensive evaluations under white-box and black-box attacks including transferred examples and adaptive attacks. Our approach achieves a significant gain of up to 52% in adversarial robustness, compared with the baseline and the state-of-the-art method on image benchmarks with complex data scenes. The proposed approach complements the defence paradigm of adversarial training, and can further boost the performance. The source code is available at https://github.com/ALIS-Lab/AAAI2021-PDD.

Original language	English
Title of host publication	35th AAAI Conference on Artificial Intelligence, AAAI 2021
Publisher	Association for the Advancement of Artificial Intelligence
Pages	7823-7831
Number of pages	9
ISBN (Electronic)	9781713835974
Publication status	Published - 2021
Event	35th AAAI Conference on Artificial Intelligence, AAAI 2021 - Virtual, Online Duration: 2 Feb 2021 → 9 Feb 2021

Publication series

Name	35th AAAI Conference on Artificial Intelligence, AAAI 2021
Volume	9A

Conference

Conference	35th AAAI Conference on Artificial Intelligence, AAAI 2021
City	Virtual, Online
Period	2/02/21 → 9/02/21

ASJC Scopus subject areas

Artificial Intelligence

Cite this

@inproceedings{1b8229c8ca1d45168ffde32dcf66c90d,

title = "Adversarial Defence by Diversified Simultaneous Training of Deep Ensembles",

abstract = "Learning-based classifiers are susceptible to adversarial examples. Existing defence methods are mostly devised on individual classifiers. Recent studies showed that it is viable to increase adversarial robustness by promoting diversity over an ensemble of models. In this paper, we propose adversarial defence by encouraging ensemble diversity on learning high-level feature representations and gradient dispersion in simultaneous training of deep ensemble networks. We perform extensive evaluations under white-box and black-box attacks including transferred examples and adaptive attacks. Our approach achieves a significant gain of up to 52% in adversarial robustness, compared with the baseline and the state-of-the-art method on image benchmarks with complex data scenes. The proposed approach complements the defence paradigm of adversarial training, and can further boost the performance. The source code is available at https://github.com/ALIS-Lab/AAAI2021-PDD.",

author = "Bo Huang and Zhiwei Ke and Yi Wang and Wei Wang and Linlin Shen and Feng Liu",

note = "Publisher Copyright: Copyright {\textcopyright} 2021, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved; 35th AAAI Conference on Artificial Intelligence, AAAI 2021 ; Conference date: 02-02-2021 Through 09-02-2021",

year = "2021",

language = "English",

series = "35th AAAI Conference on Artificial Intelligence, AAAI 2021",

publisher = "Association for the Advancement of Artificial Intelligence",

pages = "7823--7831",

booktitle = "35th AAAI Conference on Artificial Intelligence, AAAI 2021",

}

Huang, B, Ke, Z, Wang, Y, Wang, W, Shen, L & Liu, F 2021, Adversarial Defence by Diversified Simultaneous Training of Deep Ensembles. in 35th AAAI Conference on Artificial Intelligence, AAAI 2021. 35th AAAI Conference on Artificial Intelligence, AAAI 2021, vol. 9A, Association for the Advancement of Artificial Intelligence, pp. 7823-7831, 35th AAAI Conference on Artificial Intelligence, AAAI 2021, Virtual, Online, 2/02/21.

Adversarial Defence by Diversified Simultaneous Training of Deep Ensembles. / Huang, Bo; Ke, Zhiwei; Wang, Yi et al.
35th AAAI Conference on Artificial Intelligence, AAAI 2021. Association for the Advancement of Artificial Intelligence, 2021. p. 7823-7831 (35th AAAI Conference on Artificial Intelligence, AAAI 2021; Vol. 9A).

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Adversarial Defence by Diversified Simultaneous Training of Deep Ensembles

AU - Huang, Bo

AU - Ke, Zhiwei

AU - Wang, Yi

AU - Wang, Wei

AU - Shen, Linlin

AU - Liu, Feng

PY - 2021

Y1 - 2021

N2 - Learning-based classifiers are susceptible to adversarial examples. Existing defence methods are mostly devised on individual classifiers. Recent studies showed that it is viable to increase adversarial robustness by promoting diversity over an ensemble of models. In this paper, we propose adversarial defence by encouraging ensemble diversity on learning high-level feature representations and gradient dispersion in simultaneous training of deep ensemble networks. We perform extensive evaluations under white-box and black-box attacks including transferred examples and adaptive attacks. Our approach achieves a significant gain of up to 52% in adversarial robustness, compared with the baseline and the state-of-the-art method on image benchmarks with complex data scenes. The proposed approach complements the defence paradigm of adversarial training, and can further boost the performance. The source code is available at https://github.com/ALIS-Lab/AAAI2021-PDD.

AB - Learning-based classifiers are susceptible to adversarial examples. Existing defence methods are mostly devised on individual classifiers. Recent studies showed that it is viable to increase adversarial robustness by promoting diversity over an ensemble of models. In this paper, we propose adversarial defence by encouraging ensemble diversity on learning high-level feature representations and gradient dispersion in simultaneous training of deep ensemble networks. We perform extensive evaluations under white-box and black-box attacks including transferred examples and adaptive attacks. Our approach achieves a significant gain of up to 52% in adversarial robustness, compared with the baseline and the state-of-the-art method on image benchmarks with complex data scenes. The proposed approach complements the defence paradigm of adversarial training, and can further boost the performance. The source code is available at https://github.com/ALIS-Lab/AAAI2021-PDD.

UR - http://www.scopus.com/inward/record.url?scp=85130090236&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85130090236

T3 - 35th AAAI Conference on Artificial Intelligence, AAAI 2021

SP - 7823

EP - 7831

BT - 35th AAAI Conference on Artificial Intelligence, AAAI 2021

PB - Association for the Advancement of Artificial Intelligence

T2 - 35th AAAI Conference on Artificial Intelligence, AAAI 2021

Y2 - 2 February 2021 through 9 February 2021

ER -

Adversarial Defence by Diversified Simultaneous Training of Deep Ensembles

Abstract

Publication series

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this