Convolutional neural networks (CNNs) have become a key asset in most fields of AI. Despite their successful performance, CNNs suffer from a major drawback: they fail to capture the hierarchy of spatial relations among the different parts of an entity. As a remedy to this problem, the idea of capsules was proposed by Hinton. In this paper, we propose the SubSpace Capsule Network (SCN), which exploits the idea of capsule networks to model possible variations in the appearance or implicitly defined properties of an entity through a group of capsule subspaces instead of simply grouping neurons to create capsules. A capsule is created by projecting an input feature vector from a lower layer onto the capsule subspace using a learnable transformation. This transformation finds the degree of alignment of the input with the properties modeled by the capsule subspace. We show that SCN is a general capsule network that can successfully be applied to both discriminative and generative models without incurring computational overhead compared to a CNN at test time. The effectiveness of SCN is evaluated through a comprehensive set of experiments on supervised image classification, semi-supervised image classification and high-resolution image generation tasks using the generative adversarial network (GAN) framework. SCN significantly improves the performance of the baseline models in all 3 tasks.
Along with the success of deep neural network (DNN) models in solving various real-world problems, threats that aim to degrade the integrity of these models have risen. The Trojan attack is one of the recent variants of data poisoning attacks; it involves manipulation or modification of the model to act balefully. This can occur when an attacker interferes with the training pipeline by inserting triggers into some of the training samples and trains the model to act maliciously only for samples that are stamped with the trigger. Since knowledge of such triggers is privy only to the attacker, detection of Trojan behaviour is a challenging task. Unlike any of the existing Trojan detectors, a robust detector should not rely on any assumption about the Trojan attack. In this paper, we develop a detector based upon the analysis of intrinsic properties of a DNN that could be affected by a Trojan attack. To have a comprehensive study, we propose Odysseus, the largest Trojan dataset, with over 3,000 trained DNN models, both clean and Trojan. It covers a large spectrum of attacks, generated by leveraging the versatility in designing a trigger and in the mapping (source to target class) type. Our findings reveal that Trojan attacks affect the classifier margin and the shape of the decision boundary around the manifold of the clean data. Combining these two factors leads to an efficient Trojan detector that operates irrespective of any knowledge of the Trojan attack and sets the first baseline for this task with accuracy above 83%. The Odysseus dataset along with the Trojan detector can be downloaded here.