Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Robustifying models against adversarial attacks by Langevin dynamics
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Srinivasan, Vignesh | - |
| dc.contributor.author | Rohrer, Csaba | - |
| dc.contributor.author | Marban, Arturo | - |
| dc.contributor.author | Mueller, Klaus-Robert | - |
| dc.contributor.author | Samek, Wojciech | - |
| dc.contributor.author | Nakajima, Shinichi | - |
| dc.date.accessioned | 2022-03-01T23:43:00Z | - |
| dc.date.available | 2022-03-01T23:43:00Z | - |
| dc.date.created | 2022-01-20 | - |
| dc.date.issued | 2021-05 | - |
| dc.identifier.issn | 0893-6080 | - |
| dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/137429 | - |
| dc.description.abstract | Adversarial attacks on deep learning models have compromised their performance considerably. As remedies, a number of defense methods were proposed, which however, have been circumvented by newer and more sophisticated attacking strategies. In the midst of this ensuing arms race, the problem of robustness against adversarial attacks still remains a challenging task. This paper proposes a novel, simple yet effective defense strategy where off-manifold adversarial samples are driven towards high density regions of the data generating distribution of the (unknown) target class by the Metropolis-adjusted Langevin algorithm (MALA) with perceptual boundary taken into account. To achieve this task, we introduce a generative model of the conditional distribution of the inputs given labels that can be learned through a supervised Denoising Autoencoder (sDAE) in alignment with a discriminative classifier. Our algorithm, called MALA for DEfense (MALADE), is equipped with significant dispersion-projection is distributed broadly. This prevents white box attacks from accurately aligning the input to create an adversarial sample effectively. MALADE is applicable to any existing classifier, providing robust defense as well as off-manifold sample detection. In our experiments, MALADE exhibited state-of-the-art performance against various elaborate attacking strategies. (C) 2021 Elsevier Ltd. All rights reserved. | - |
| dc.language | English | - |
| dc.language.iso | en | - |
| dc.publisher | PERGAMON-ELSEVIER SCIENCE LTD | - |
| dc.title | Robustifying models against adversarial attacks by Langevin dynamics | - |
| dc.type | Article | - |
| dc.contributor.affiliatedAuthor | Mueller, Klaus-Robert | - |
| dc.identifier.doi | 10.1016/j.neunet.2020.12.024 | - |
| dc.identifier.scopusid | 2-s2.0-85100149772 | - |
| dc.identifier.wosid | 000686896300001 | - |
| dc.identifier.bibliographicCitation | NEURAL NETWORKS, v.137, pp.1 - 17 | - |
| dc.relation.isPartOf | NEURAL NETWORKS | - |
| dc.citation.title | NEURAL NETWORKS | - |
| dc.citation.volume | 137 | - |
| dc.citation.startPage | 1 | - |
| dc.citation.endPage | 17 | - |
| dc.type.rims | ART | - |
| dc.type.docType | Review | - |
| dc.description.journalClass | 1 | - |
| dc.description.journalRegisteredClass | scie | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.relation.journalResearchArea | Computer Science | - |
| dc.relation.journalResearchArea | Neurosciences & Neurology | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Artificial Intelligence | - |
| dc.relation.journalWebOfScienceCategory | Neurosciences | - |
| dc.subject.keywordAuthor | Adversarial examples | - |
| dc.subject.keywordAuthor | Robustness | - |
| dc.subject.keywordAuthor | Langevin dynamics | - |
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - Graduate School > Department of Artificial Intelligence > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.