DPG: a model to build feature subspace against adversarial patch attack.
Saved in:
| Title: | DPG: a model to build feature subspace against adversarial patch attack. |
|---|---|
| Authors: | Xue, Yunsheng, Wen, Mi, He, Wei, Li, Weiwei |
| Source: | Machine Learning; Aug2024, Vol. 113 Issue 8, p5601-5622, 22p |
| Subject Terms: | OPTIMIZATION algorithms, IMAGE recognition (Computer vision), CLASSIFICATION algorithms, FEATURE extraction, ALGORITHMS |
| Abstract: | Adversarial patch attacks in the physical world are a major threat to the application of deep learning. However, current research on adversarial patch defense algorithms focuses on image pre-processing defenses, it has been demonstrated that this defense reduces the classification accuracy of clean images and is unable to defend against physically realizable attacks. In this paper, we propose a defense patch GNN (DPG), using a new perspective for defending against adversarial patch attacks. First, we extract the input image features with the feature extraction to obtain a feature set. Then downsampling the feature set by applying the global average pooling layer to reduce the perturbation of the features by the adversarial patch. Finally, this paper proposes a graph-structured feature subspace to robust the feature performance. In addition, we design an optimization algorithm based on stochastic gradient descent (SGD), which can significantly increase the mode's generalization ability. We demonstrate empirically the superior robustness of the DPG model on existing adversarial patch attacks. DPG shows without any accuracy loss in the prediction of clean images. [ABSTRACT FROM AUTHOR] |
| Copyright of Machine Learning is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Complementary Index |
Full Text Finder 
Nájsť tento článok vo Web of Science Be the first to leave a comment!