Files and links (1)
SubmittedOpen Access (License Unspecified), Open
Conference proceeding
Adaptive-Gravity: A Defense Against Adversarial Samples
2022 23rd International Symposium on Quality Electronic Design (ISQED), pp 96-101
06 Apr 2022
Featured in Collection : UN Sustainable Development Goals @ Drexel
Abstract
This paper presents a novel model training solution, denoted as Adaptive-Gravity, for enhancing the robustness of deep neural network classifiers against adversarial examples. We conceptualize the model parameters/features associated with each class as a mass characterized by its centroid location and the spread (standard deviation of the distance) of features around the centroid. We use the centroid associated with each cluster to derive an anti-gravity force that pushes the centroids of different classes away from one another during network training. Then we customized an objective function that aims to concentrate each class's features toward their corresponding new centroid, which has been obtained by anti-gravity force. This methodology results in a larger separation between different masses and reduces the spread of features around each centroid. As a result, the samples are pushed away from the space that adversarial examples could be mapped to, effectively increasing the degree of perturbation needed for making an adversarial example. We have implemented this training solution as an iterative method consisting of four steps at each iteration: 1) centroid extraction, 2) anti-gravity force calculation, 3) centroid relocation, and 4) gravity training. Gravity's efficiency is evaluated by measuring the corresponding fooling rates against various attack models, including FGSM, MIM, BIM, and PGD using LeNet and ResNet110 networks, benchmarked against MNIST and CIFAR10 classification problems. Test results show that Gravity not only functions as a powerful instrument to robustify a model against state-of-the-art adversarial attacks but also effectively improves the model training accuracy.
Metrics
Details
- Title
- Adaptive-Gravity: A Defense Against Adversarial Samples
- Creators
- Ali Mirzaeian - George Mason UniversityZhi Tian - George Mason UniversitySai Manoj P D - George Mason UniversityBanafsheh S. Latibari - University of California, DavisIoannis Savidis (Author) - Drexel UniversityHouman Homayoun - University of California, DavisAvesta Sasan - University of California, Davis
- Publication Details
- 2022 23rd International Symposium on Quality Electronic Design (ISQED), pp 96-101
- Publisher
- IEEE
- Grant note
- National Science Foundation (10.13039/100000001)
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Electrical and Computer Engineering
- Web of Science ID
- WOS:000890309300016
- Scopus ID
- 2-s2.0-85133750234
- Other Identifier
- 991019173541904721
UN Sustainable Development Goals (SDGs)
This publication has contributed to the advancement of the following goals:
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Collaboration types
- Domestic collaboration
- Web of Science research areas
- Engineering, Biomedical
- Engineering, Electrical & Electronic