Suppr超能文献

基于增加间隔的对抗(IMA)训练来提高神经网络的对抗鲁棒性。

Increasing-Margin Adversarial (IMA) training to improve adversarial robustness of neural networks.

机构信息

Department of Computer Science, University of Miami, 1365 Memorial Drive, Coral Gables, 33146, FL, USA.

出版信息

Comput Methods Programs Biomed. 2023 Oct;240:107687. doi: 10.1016/j.cmpb.2023.107687. Epub 2023 Jun 24.

DOI:10.1016/j.cmpb.2023.107687
PMID:37392695
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC10527180/
Abstract

BACKGROUND AND OBJECTIVE

Deep neural networks (DNNs) are vulnerable to adversarial noises. Adversarial training is a general and effective strategy to improve DNN robustness (i.e., accuracy on noisy data) against adversarial noises. However, DNN models trained by the current existing adversarial training methods may have much lower standard accuracy (i.e., accuracy on clean data), compared to the same models trained by the standard method on clean data, and this phenomenon is known as the trade-off between accuracy and robustness and is commonly considered unavoidable. This issue prevents adversarial training from being used in many application domains, such as medical image analysis, as practitioners do not want to sacrifice standard accuracy too much in exchange for adversarial robustness. Our objective is to lift (i.e., alleviate or even avoid) this trade-off between standard accuracy and adversarial robustness for medical image classification and segmentation.

METHODS

We propose a novel adversarial training method, named Increasing-Margin Adversarial (IMA) Training, which is supported by an equilibrium state analysis about the optimality of adversarial training samples. Our method aims to preserve accuracy while improving robustness by generating optimal adversarial training samples. We evaluate our method and the other eight representative methods on six publicly available image datasets corrupted by noises generated by AutoAttack and white-noise attack.

RESULTS

Our method achieves the highest adversarial robustness for image classification and segmentation with the smallest reduction in accuracy on clean data. For one of the applications, our method improves both accuracy and robustness.

CONCLUSIONS

Our study has demonstrated that our method can lift the trade-off between standard accuracy and adversarial robustness for the image classification and segmentation applications. To our knowledge, it is the first work to show that the trade-off is avoidable for medical image segmentation.

摘要

背景与目的

深度神经网络(DNN)易受对抗噪声的影响。对抗训练是提高 DNN 对对抗噪声鲁棒性(即在噪声数据上的准确性)的一种通用且有效的策略。然而,与在干净数据上用标准方法训练的相同模型相比,目前现有对抗训练方法训练的 DNN 模型的标准准确率(即在干净数据上的准确率)可能要低得多,这种现象被称为准确性和鲁棒性之间的权衡,通常被认为是不可避免的。这个问题使得对抗训练无法在许多应用领域(如医学图像分析)中使用,因为从业者不愿意为了对抗鲁棒性而牺牲太多的标准准确性。我们的目标是减轻(即缓解甚至避免)医学图像分类和分割中标准准确性和对抗鲁棒性之间的这种权衡。

方法

我们提出了一种新的对抗训练方法,名为增量边缘对抗(IMA)训练,它基于对抗训练样本最优性的平衡状态分析。我们的方法旨在通过生成最优的对抗训练样本来保持准确性,同时提高鲁棒性。我们在六个公开的图像数据集上使用噪声生成的 AutoAttack 和白噪声攻击来评估我们的方法和其他八个有代表性的方法。

结果

我们的方法在保持干净数据上的准确性降低最小的情况下,实现了图像分类和分割的最高对抗鲁棒性。对于其中一个应用,我们的方法提高了准确性和鲁棒性。

结论

我们的研究表明,我们的方法可以减轻医学图像分类和分割应用中标准准确性和对抗鲁棒性之间的权衡。据我们所知,这是第一个表明对抗性分割可以避免权衡的工作。

相似文献

1
Increasing-Margin Adversarial (IMA) training to improve adversarial robustness of neural networks.
Comput Methods Programs Biomed. 2023 Oct;240:107687. doi: 10.1016/j.cmpb.2023.107687. Epub 2023 Jun 24.
2
A general approach to improve adversarial robustness of DNNs for medical image segmentation and detection.
Proc SPIE Int Soc Opt Eng. 2024 Feb;12926. doi: 10.1117/12.3006534. Epub 2024 Apr 2.
3
A regularization method to improve adversarial robustness of neural networks for ECG signal classification.
Comput Biol Med. 2022 May;144:105345. doi: 10.1016/j.compbiomed.2022.105345. Epub 2022 Feb 24.
4
Improving Adversarial Robustness of Deep Neural Networks via Adaptive Margin Evolution.
Neurocomputing (Amst). 2023 Sep 28;551. doi: 10.1016/j.neucom.2023.126524. Epub 2023 Jul 7.
5
Between-Class Adversarial Training for Improving Adversarial Robustness of Image Classification.
Sensors (Basel). 2023 Mar 20;23(6):3252. doi: 10.3390/s23063252.
6
Interpreting and Improving Adversarial Robustness of Deep Neural Networks With Neuron Sensitivity.
IEEE Trans Image Process. 2021;30:1291-1304. doi: 10.1109/TIP.2020.3042083. Epub 2020 Dec 23.
7
Benchmarking robustness of deep neural networks in semantic segmentation of fluorescence microscopy images.
BMC Bioinformatics. 2024 Aug 20;25(1):269. doi: 10.1186/s12859-024-05894-4.
8
Progressive Diversified Augmentation for General Robustness of DNNs: A Unified Approach.
IEEE Trans Image Process. 2021;30:8955-8967. doi: 10.1109/TIP.2021.3121150. Epub 2021 Oct 29.
9
Universal adversarial attacks on deep neural networks for medical image classification.
BMC Med Imaging. 2021 Jan 7;21(1):9. doi: 10.1186/s12880-020-00530-y.
10
Revisiting the Trade-Off Between Accuracy and Robustness via Weight Distribution of Filters.
IEEE Trans Pattern Anal Mach Intell. 2024 Dec;46(12):8870-8882. doi: 10.1109/TPAMI.2024.3411035. Epub 2024 Nov 6.

引用本文的文献

1
Mobile applications for skin cancer detection are vulnerable to physical camera-based adversarial attacks.
Sci Rep. 2025 May 24;15(1):18119. doi: 10.1038/s41598-025-03546-y.
2
Automated Audit and Self-Correction Algorithm for Seg-Hallucination Using MeshCNN-Based On-Demand Generative AI.
Bioengineering (Basel). 2025 Jan 16;12(1):81. doi: 10.3390/bioengineering12010081.
3
A general approach to improve adversarial robustness of DNNs for medical image segmentation and detection.
Proc SPIE Int Soc Opt Eng. 2024 Feb;12926. doi: 10.1117/12.3006534. Epub 2024 Apr 2.
4
Deep-Precognitive Diagnosis: Preventing Future Pandemics by Novel Disease Detection With Biologically-Inspired Conv-Fuzzy Network.
IEEE Access. 2022;10:23167-23185. doi: 10.1109/access.2022.3153059. Epub 2022 Feb 21.

本文引用的文献

1
Robust multimodal fusion network using adversarial learning for brain tumor grading.
Comput Methods Programs Biomed. 2022 Nov;226:107165. doi: 10.1016/j.cmpb.2022.107165. Epub 2022 Sep 29.
2
Improved generative adversarial network for retinal image super-resolution.
Comput Methods Programs Biomed. 2022 Oct;225:106995. doi: 10.1016/j.cmpb.2022.106995. Epub 2022 Jul 1.
3
DermoCC-GAN: A new approach for standardizing dermatological images using generative adversarial networks.
Comput Methods Programs Biomed. 2022 Oct;225:107040. doi: 10.1016/j.cmpb.2022.107040. Epub 2022 Jul 25.
4
Enhancing classification of cells procured from bone marrow aspirate smears using generative adversarial networks and sequential convolutional neural network.
Comput Methods Programs Biomed. 2022 Sep;224:107019. doi: 10.1016/j.cmpb.2022.107019. Epub 2022 Jul 10.
5
Boosting Fast Adversarial Training With Learnable Adversarial Initialization.
IEEE Trans Image Process. 2022;31:4417-4430. doi: 10.1109/TIP.2022.3184255. Epub 2022 Jul 1.
6
Generating future fundus images for early age-related macular degeneration based on generative adversarial networks.
Comput Methods Programs Biomed. 2022 Apr;216:106648. doi: 10.1016/j.cmpb.2022.106648. Epub 2022 Jan 20.
7
nnU-Net: a self-configuring method for deep learning-based biomedical image segmentation.
Nat Methods. 2021 Feb;18(2):203-211. doi: 10.1038/s41592-020-01008-z. Epub 2020 Dec 7.
8
Accurate MR Image Registration to Anatomical Reference Space for Diffuse Glioma.
Front Neurosci. 2020 Jun 5;14:585. doi: 10.3389/fnins.2020.00585. eCollection 2020.
9
Review of Artificial Intelligence Techniques in Imaging Data Acquisition, Segmentation, and Diagnosis for COVID-19.
IEEE Rev Biomed Eng. 2021;14:4-15. doi: 10.1109/RBME.2020.2987975. Epub 2021 Jan 22.
10
Correlation of Chest CT and RT-PCR Testing for Coronavirus Disease 2019 (COVID-19) in China: A Report of 1014 Cases.
Radiology. 2020 Aug;296(2):E32-E40. doi: 10.1148/radiol.2020200642. Epub 2020 Feb 26.

文献AI研究员

20分钟写一篇综述,助力文献阅读效率提升50倍。

立即体验

用中文搜PubMed

大模型驱动的PubMed中文搜索引擎

马上搜索

文档翻译

学术文献翻译模型,支持多种主流文档格式。

立即体验