Paper Title

Vax-a-Net: Training-time Defence Against Adversarial Patch Attacks

Authors

Gittings, T., Schneider, S., Collomosse, J.

Abstract

We present Vax-a-Net; a technique for immunizing convolutional neural networks (CNNs) against adversarial patch attacks (APAs). APAs insert visually overt, local regions (patches) into an image to induce misclassification. We introduce a conditional Generative Adversarial Network (GAN) architecture that simultaneously learns to synthesise patches for use in APAs, whilst exploiting those attacks to adapt a pre-trained target CNN to reduce its susceptibility to them. This approach enables resilience against APAs to be conferred to pre-trained models, which would be impractical with conventional adversarial training due to the slow convergence of APA methods. We demonstrate transferability of this protection to defend against existing APAs, and show its efficacy across several contemporary CNN architectures.
