Journal article
Why does batch normalization induce the model vulnerability on adversarial images?
WORLD WIDE WEB-INTERNET AND WEB INFORMATION SYSTEMS, v 26(3), p1073
May 2023
Featured in Collection : UN Sustainable Development Goals @ Drexel
Abstract
Batch normalization is one of the most widely used components in deep neural networks. It can accelerate training, and boost model performance on normal samples. However, batch normalization induces vulnerability to models on adversarial examples, especially in medical images, and the reason is still not clear. In this paper, we aim to explain the vulnerability aroused by batch normalization under adversarial images. Specifically, we first discover that both natural and medical images contain a large number of trivial features, whose weights will be enlarged under adversarial attacks, and batch normalization can further enlarge their weights. Additionally, we find that batch normalization will reduce the inter-class margin of high-level features, leading to less tolerance to adversarial perturbations, thereby decreasing the model robustness. Moreover, we hypothesize that the smaller inter-class margin, the more difficult to attain the optimal classification space, which means batch normalization will restrict the performance of adversarial training. This further verifies that a narrower inter-class margin induced by batch normalization reduces the model robustness. Experiments on four benchmark datasets demonstrate our discovery, interpretation and hypothesis.
Metrics
Details
- Title
- Why does batch normalization induce the model vulnerability on adversarial images?
- Publication Details
- WORLD WIDE WEB-INTERNET AND WEB INFORMATION SYSTEMS, v 26(3), p1073
- Publisher
- SPRINGER; NEW YORK
- Grant note
- This work is partially supported by the National Natural Science Foundation of China (Grant No: 61876046) and the Guangxi Bagui Teams for Innovation and Research.
- Resource Type
- Journal article
- Language
- English
- Academic Unit
- Drexel University
- Web of Science ID
- WOS:000820544500001
- Scopus ID
- 2-s2.0-85133490721
- Other Identifier
- 991021861176804721
UN Sustainable Development Goals (SDGs)
This publication has contributed to the advancement of the following goals:
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Collaboration types
- Domestic collaboration
- International collaboration
- Web of Science research areas
- Computer Science, Information Systems
- Computer Science, Software Engineering