Adversarial Attack Type I: Cheat Classifiers by Significant Changes

Tang, Sanli; Huang, Xiaolin; Chen, Mingjian; Sun, Chengjin; Yang, Jie

doi:10.1109/tpami.2019.2936378

Cited by 28 publications

(22 citation statements)

References 30 publications

(82 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most researches [19,28] discuss adversarial attack in image classification tasks, where invisible perturbations are created to make the network give wrong predictions. But, in scene text spotting tasks, the target is to detect and recognize texts in scene images, instead of classifying the input image.…”

Section: Adversarial Attackmentioning

confidence: 99%

See 1 more Smart Citation

ADVMIX: Data Augmentation for Accurate Scene Text Spotting

Huang¹,

Fang

Huang

et al. 2021

2021 IEEE International Conference on Image Processing (ICIP)

Self Cite

View full text Add to dashboard Cite

Accurate scene text spotting models ask for effective data augmentation algorithms. This paper presents a novel data augmentation algorithm called AdvMix that integrates techniques of adversarial attack and mixup. First, it utilizes the PGD method to synthesize adversarial samples. Second, it is the first work to implement feature-wise mixup between original data and the associated adversarial sample to enhance data augmentation. AdvMix has been evaluated over ICDAR2013 and ICDAR2015 datasets, showing its superior performance in improving accuracy of scene text spotting models.

show abstract

Section: Adversarial Attackmentioning

confidence: 99%

“…The proposed method is called AdvMix, which integrates the adversarial attack and mixup [18]. Adversarial attack [19], e.g., projected gradient descent (PGD) attack [20], can generate new realistic samples as shown in Fig. 2(b).…”

Section: Introductionmentioning

confidence: 99%

ADVMIX: Data Augmentation for Accurate Scene Text Spotting

Huang¹,

Fang

Huang

et al. 2021

2021 IEEE International Conference on Image Processing (ICIP)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Since the proposal of adversarial attack [14], its design, defense, and analysis have attracted much attention recently. Except for a new type of adversarial attack [33], the majority of the existing adversarial attacks aim at the over-sensitive part of a neural network such that slight distortions on the input lead to significant changes on the output.…”

Section: Autoencoder and Its Attackmentioning

confidence: 99%

Double Backpropagation for Training Autoencoders against Adversarial Attack

Sun,

Chen,

Huang

2020

Preprint

Self Cite

View full text Add to dashboard Cite

Deep learning, as widely known, is vulnerable to adversarial samples. This paper focuses on the adversarial attack on autoencoders. Safety of the autoencoders (AEs) is important because they are widely used as a compression scheme for data storage and transmission, however, the current autoencoders are easily attacked, i.e., one can slightly modify an input but has totally different codes. The vulnerability is rooted the sensitivity of the autoencoders and to enhance the robustness, we propose to adopt double backpropagation (DBP) to secure autoencoder such as VAE and DRAW. We restrict the gradient from the reconstruction image to the original one so that the autoencoder is not sensitive to trivial perturbation produced by the adversarial attack. After smoothing the gradient by DBP, we further smooth the label by Gaussian Mixture Model (GMM), aiming for accurate and robust classification. We demonstrate in MNIST, CelebA, SVHN that our method leads to a robust autoencoder resistant to attack and a robust classifier able for image transition and immune to adversarial attack if combined with GMM.

show abstract

“…However, the model may perform abnormally as the data is slightly changed, as its inner decision-making process is unknown. Some recent examples can be referred to as the adversarial attacks, where a convolutional neural network can be easily fooled by its attackers (Yuan et al, 2019, Tang et al, 2019, Su et al, 2019.…”

Section: Introductionmentioning

confidence: 99%

“…In xNN, 2 a fully-connected multi-layer perceptron is disentangled into many additive and independent subnetworks; each subnetwork represents a shape function which can be easily visualized and interpreted. Recently, the interpretability of xNN is further enhanced by inducing sparsity, orthogonality and smoothness constraints, see details in (Yang et al, 2019).…”

Section: Introductionmentioning

confidence: 99%

GAMI-Net: An Explainable Neural Network based on Generalized Additive Models with Structured Interactions

Yang

Zhang

Sudjianto

2020

Preprint

View full text Add to dashboard Cite

The lack of interpretability is an inevitable problem when using neural network models in real applications. In this paper, a new explainable neural network called GAMI-Net, based on generalized additive models with structured interactions, is proposed to pursue a good balance between prediction accuracy and model interpretability.The GAMI-Net is a disentangled feedforward network with multiple additive subnetworks, where each subnetwork is designed for capturing either one main effect or one pairwise interaction effect. It takes into account three kinds of interpretability constraints, including a) sparsity constraint for selecting the most significant effects for parsimonious representations; b) heredity constraint such that a pairwise interaction could only be included when at least one of its parent effects exists; and c) marginal clarity constraint, in order to make the main and pairwise interaction effects mutually distinguishable. For model estimation, we develop an adaptive training algorithm that firstly fits the main effects to the responses, then fits the structured pairwise interactions to the residuals. Numerical experiments on both synthetic functions and real-world datasets show that the proposed explainable GAMI-Net enjoys superior interpretability while maintaining competitive prediction accuracy in comparison to the explainable boosting machine and other benchmark machine learning models.

show abstract

Adversarial Attack Type I: Cheat Classifiers by Significant Changes

Cited by 28 publications

References 30 publications

ADVMIX: Data Augmentation for Accurate Scene Text Spotting

ADVMIX: Data Augmentation for Accurate Scene Text Spotting

Double Backpropagation for Training Autoencoders against Adversarial Attack

GAMI-Net: An Explainable Neural Network based on Generalized Additive Models with Structured Interactions

Contact Info

Product

Resources

About