The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
하이브리드 베이지안 컨벌루션 신경망을 소개합니다. (hyBCNN) 베이지안 추론 단계에서 적대적 공격에 대한 견고성을 향상시키고 계산 시간을 단축합니다. 우리의 hyBCNN 모델은 BNN 및 CNN의 일부로 구축됩니다. 사전 훈련된 CNN을 기반으로 CNN 초기 단계의 컨볼루션 레이어와 활성화 함수만 전이 학습 용어로 베이지안 컨볼루션(BC) 및 베이지안 활성화(BA) 레이어로 대체합니다. 나머지 CNN은 변경하지 않고 유지합니다. 우리는 베이지안 학습 없는 베이즈(BwoBL) 알고리즘을 채택합니다. hyBCNN 적대적 견고성에 대한 베이지안 추론을 실행하는 네트워크. 우리의 제안은 PGD, C&W와 같은 적대적 공격에 대한 저항에서 현재 CNN의 뛰어난 방어 방법인 적대적 훈련과 강력한 활성화 기능을 능가합니다. 또한 BwoBL을 사용하여 제안된 아키텍처는 특히 ResNet 및 EfficientNet과 같은 확장 네트워크에서 사전 훈련된 CNN에 쉽게 통합될 수 있으며 대규모 데이터 세트에서 더 나은 성능을 제공합니다. 특히, 아래 l∞ ImageNet에서 4회 반복으로 픽셀 교란 ε=255/100의 표준 PGD 공격을 수행했습니다. hyBCNN EfficientNet은 추가 교육 없이 93.92%의 상위 5개 정확도에 도달합니다.
Thi Thu Thao KHONG
Nara Institute of Science and Technology
Takashi NAKADA
International Professional University of Technology in Osaka
Yasuhiko NAKASHIMA
Nara Institute of Science and Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
부
Thi Thu Thao KHONG, Takashi NAKADA, Yasuhiko NAKASHIMA, "A Hybrid Bayesian-Convolutional Neural Network for Adversarial Robustness" in IEICE TRANSACTIONS on Information,
vol. E105-D, no. 7, pp. 1308-1319, July 2022, doi: 10.1587/transinf.2021EDP7239.
Abstract: We introduce a hybrid Bayesian-convolutional neural network (hyBCNN) for improving the robustness against adversarial attacks and decreasing the computation time in the Bayesian inference phase. Our hyBCNN models are built from a part of BNN and CNN. Based on pre-trained CNNs, we only replace convolutional layers and activation function of the initial stage of CNNs with our Bayesian convolutional (BC) and Bayesian activation (BA) layers as a term of transfer learning. We keep the remainder of CNNs unchanged. We adopt the Bayes without Bayesian Learning (BwoBL) algorithm for hyBCNN networks to execute Bayesian inference towards adversarial robustness. Our proposal outperforms adversarial training and robust activation function, which are currently the outstanding defense methods of CNNs in the resistance to adversarial attacks such as PGD and C&W. Moreover, the proposed architecture with BwoBL can easily integrate into any pre-trained CNN, especially in scaling networks, e.g., ResNet and EfficientNet, with better performance on large-scale datasets. In particular, under l∞ norm PGD attack of pixel perturbation ε=4/255 with 100 iterations on ImageNet, our best hyBCNN EfficientNet reaches 93.92% top-5 accuracy without additional training.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2021EDP7239/_p
부
@ARTICLE{e105-d_7_1308,
author={Thi Thu Thao KHONG, Takashi NAKADA, Yasuhiko NAKASHIMA, },
journal={IEICE TRANSACTIONS on Information},
title={A Hybrid Bayesian-Convolutional Neural Network for Adversarial Robustness},
year={2022},
volume={E105-D},
number={7},
pages={1308-1319},
abstract={We introduce a hybrid Bayesian-convolutional neural network (hyBCNN) for improving the robustness against adversarial attacks and decreasing the computation time in the Bayesian inference phase. Our hyBCNN models are built from a part of BNN and CNN. Based on pre-trained CNNs, we only replace convolutional layers and activation function of the initial stage of CNNs with our Bayesian convolutional (BC) and Bayesian activation (BA) layers as a term of transfer learning. We keep the remainder of CNNs unchanged. We adopt the Bayes without Bayesian Learning (BwoBL) algorithm for hyBCNN networks to execute Bayesian inference towards adversarial robustness. Our proposal outperforms adversarial training and robust activation function, which are currently the outstanding defense methods of CNNs in the resistance to adversarial attacks such as PGD and C&W. Moreover, the proposed architecture with BwoBL can easily integrate into any pre-trained CNN, especially in scaling networks, e.g., ResNet and EfficientNet, with better performance on large-scale datasets. In particular, under l∞ norm PGD attack of pixel perturbation ε=4/255 with 100 iterations on ImageNet, our best hyBCNN EfficientNet reaches 93.92% top-5 accuracy without additional training.},
keywords={},
doi={10.1587/transinf.2021EDP7239},
ISSN={1745-1361},
month={July},}
부
TY - JOUR
TI - A Hybrid Bayesian-Convolutional Neural Network for Adversarial Robustness
T2 - IEICE TRANSACTIONS on Information
SP - 1308
EP - 1319
AU - Thi Thu Thao KHONG
AU - Takashi NAKADA
AU - Yasuhiko NAKASHIMA
PY - 2022
DO - 10.1587/transinf.2021EDP7239
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E105-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2022
AB - We introduce a hybrid Bayesian-convolutional neural network (hyBCNN) for improving the robustness against adversarial attacks and decreasing the computation time in the Bayesian inference phase. Our hyBCNN models are built from a part of BNN and CNN. Based on pre-trained CNNs, we only replace convolutional layers and activation function of the initial stage of CNNs with our Bayesian convolutional (BC) and Bayesian activation (BA) layers as a term of transfer learning. We keep the remainder of CNNs unchanged. We adopt the Bayes without Bayesian Learning (BwoBL) algorithm for hyBCNN networks to execute Bayesian inference towards adversarial robustness. Our proposal outperforms adversarial training and robust activation function, which are currently the outstanding defense methods of CNNs in the resistance to adversarial attacks such as PGD and C&W. Moreover, the proposed architecture with BwoBL can easily integrate into any pre-trained CNN, especially in scaling networks, e.g., ResNet and EfficientNet, with better performance on large-scale datasets. In particular, under l∞ norm PGD attack of pixel perturbation ε=4/255 with 100 iterations on ImageNet, our best hyBCNN EfficientNet reaches 93.92% top-5 accuracy without additional training.
ER -