Suppr 超能文献


Disrupting adversarial transferability in deep neural networks.

Authors

Wiedeman Christopher, Wang Ge

Affiliations

Rensselaer Polytechnic Institute, Department of Electrical and Computer Systems Engineering, Troy, NY, USA.

Rensselaer Polytechnic Institute, Department of Biomedical Engineering, Troy, NY, USA.

Publication

Patterns (N Y). 2022 Mar 24;3(5):100472. doi: 10.1016/j.patter.2022.100472. eCollection 2022 May 13.

DOI: 10.1016/j.patter.2022.100472
PMID: 35607626
Full text: https://pmc.ncbi.nlm.nih.gov/articles/PMC9122968/
Abstract

Adversarial attack transferability is well recognized in deep learning. Previous work has partially explained transferability by recognizing common adversarial subspaces and correlations between decision boundaries, but little is known beyond that. We propose that transferability between seemingly different models is due to a high linear correlation between the feature sets that different networks extract. In other words, two models trained on the same task that are distant in the parameter space likely extract features in the same fashion, linked by trivial affine transformations between the latent spaces. Furthermore, we show how applying a feature correlation loss, which decorrelates the extracted features in corresponding latent spaces, can reduce the transferability of adversarial attacks between models, suggesting that the models complete tasks in semantically different ways. Finally, we propose a dual-neck autoencoder (DNA), which leverages this feature correlation loss to create two meaningfully different encodings of input information with reduced transferability.
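The feature correlation loss described in the abstract can be illustrated as a penalty on the linear (Pearson) cross-correlation between the feature sets two networks extract from the same inputs. The sketch below is a minimal NumPy illustration of that idea, not the authors' exact formulation; the function name and the mean-squared-correlation reduction are assumptions.

```python
import numpy as np

def feature_correlation_loss(z1, z2, eps=1e-8):
    """Mean squared Pearson cross-correlation between two latent feature sets.

    z1, z2: arrays of shape (n_samples, n_features), activations produced by
    two encoders on the same batch of inputs. The value is large when the two
    feature sets are linked by a simple linear (affine) relationship, and
    near zero when they are linearly uncorrelated. Minimizing it during
    training pushes the encoders toward decorrelated representations.
    """
    z1c = z1 - z1.mean(axis=0)
    z2c = z2 - z2.mean(axis=0)
    # Cross-covariance matrix: entry (i, j) couples feature i of z1
    # with feature j of z2.
    cov = z1c.T @ z2c / len(z1)
    # Normalize by per-feature standard deviations to get correlations.
    std1 = z1.std(axis=0) + eps
    std2 = z2.std(axis=0) + eps
    corr = cov / np.outer(std1, std2)
    return float(np.mean(corr ** 2))
```

Two encoders whose latent spaces differ only by a "trivial affine transformation" (the paper's phrase) score high under this measure, while genuinely decorrelated encoders score near zero; adding such a term to a joint training objective is the mechanism the paper leverages to reduce attack transferability between the two encodings.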


Figures (PMC)

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/76fbf500b817/fx1.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/5118a86b514e/gr1.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/248a3a03347e/gr2.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/2e7d2a637e1b/gr3.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/0573aefc9777/gr4.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/e6de80f7eb00/gr5.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/85eef2341beb/gr6.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/83cadb93ab18/gr7.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/911a3d56b34b/gr8.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/a0bf6051abba/gr9.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/30757ca44b0e/gr10.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/04f02f4664fe/gr11.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/980edf58a2c0/gr12.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3f55/9122968/4c6d59d35e55/gr13.jpg

Similar articles

1. Disrupting adversarial transferability in deep neural networks.
   Patterns (N Y). 2022 Mar 24;3(5):100472. doi: 10.1016/j.patter.2022.100472. eCollection 2022 May 13.
2. Remix: Towards the transferability of adversarial examples.
   Neural Netw. 2023 Jun;163:367-378. doi: 10.1016/j.neunet.2023.04.012. Epub 2023 Apr 18.
3. Transferability of features for neural networks links to adversarial attacks and defences.
   PLoS One. 2022 Apr 27;17(4):e0266060. doi: 10.1371/journal.pone.0266060. eCollection 2022.
4. DEFEAT: Decoupled feature attack across deep neural networks.
   Neural Netw. 2022 Dec;156:13-28. doi: 10.1016/j.neunet.2022.09.009. Epub 2022 Sep 20.
5. Toward Understanding and Boosting Adversarial Transferability From a Distribution Perspective.
   IEEE Trans Image Process. 2022;31:6487-6501. doi: 10.1109/TIP.2022.3211736. Epub 2022 Oct 21.
6. Boosting the transferability of adversarial examples via stochastic serial attack.
   Neural Netw. 2022 Jun;150:58-67. doi: 10.1016/j.neunet.2022.02.025. Epub 2022 Mar 7.
7. Simultaneously Improve Transferability and Discriminability for Adversarial Domain Adaptation.
   Entropy (Basel). 2021 Dec 27;24(1):44. doi: 10.3390/e24010044.
8. When Autonomous Systems Meet Accuracy and Transferability through AI: A Survey.
   Patterns (N Y). 2020 Jul 10;1(4):100050. doi: 10.1016/j.patter.2020.100050.
9. Strengthening transferability of adversarial examples by adaptive inertia and amplitude spectrum dropout.
   Neural Netw. 2023 Aug;165:925-937. doi: 10.1016/j.neunet.2023.06.031. Epub 2023 Jun 30.
10. SMGEA: A New Ensemble Adversarial Attack Powered by Long-Term Gradient Memories.
    IEEE Trans Neural Netw Learn Syst. 2022 Mar;33(3):1051-1065. doi: 10.1109/TNNLS.2020.3039295. Epub 2022 Feb 28.

Cited by

1. Decorrelative network architecture for robust electrocardiogram classification.
   Patterns (N Y). 2024 Dec 9;5(12):101116. doi: 10.1016/j.patter.2024.101116. eCollection 2024 Dec 13.

References cited in this article

1. Universal adversarial attacks on deep neural networks for medical image classification.
   BMC Med Imaging. 2021 Jan 7;21(1):9. doi: 10.1186/s12880-020-00530-y.
2. On instabilities of deep learning in image reconstruction and the potential costs of AI.
   Proc Natl Acad Sci U S A. 2020 Dec 1;117(48):30088-30095. doi: 10.1073/pnas.1907377117. Epub 2020 May 11.