The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Nous introduisons un réseau neuronal hybride bayésien-convolutionnel (hyBCNN) pour améliorer la robustesse contre les attaques adverses et réduire le temps de calcul dans la phase d'inférence bayésienne. Notre hyBCNN les modèles sont construits à partir d’une partie de BNN et CNN. Sur la base de CNN pré-entraînés, nous remplaçons uniquement les couches convolutives et la fonction d'activation de l'étape initiale des CNN par nos couches convolutionnelles bayésiennes (BC) et d'activation bayésiennes (BA) comme terme d'apprentissage par transfert. Nous gardons le reste des CNN inchangés. Nous adoptons l'algorithme Bayes sans apprentissage bayésien (BwoBL) pour hyBCNN réseaux pour exécuter l’inférence bayésienne vers la robustesse adverse. Notre proposition surpasse la formation contradictoire et la fonction d'activation robuste, qui sont actuellement les méthodes de défense exceptionnelles des CNN dans la résistance aux attaques contradictoires telles que PGD et C&W. De plus, l'architecture proposée avec BwoBL peut facilement s'intégrer dans n'importe quel CNN pré-entraîné, en particulier dans les réseaux évolutifs, par exemple ResNet et EfficientNet, avec de meilleures performances sur des ensembles de données à grande échelle. En particulier, sous l∞ norme attaque PGD de perturbation des pixels ε=4/255 avec 100 itérations sur ImageNet, notre meilleur hyBCNN EfficientNet atteint une précision top 93.92 de 5 % sans formation supplémentaire.
Thi Thu Thao KHONG
Nara Institute of Science and Technology
Takashi NAKADA
International Professional University of Technology in Osaka
Yasuhiko NAKASHIMA
Nara Institute of Science and Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Thi Thu Thao KHONG, Takashi NAKADA, Yasuhiko NAKASHIMA, "A Hybrid Bayesian-Convolutional Neural Network for Adversarial Robustness" in IEICE TRANSACTIONS on Information,
vol. E105-D, no. 7, pp. 1308-1319, July 2022, doi: 10.1587/transinf.2021EDP7239.
Abstract: We introduce a hybrid Bayesian-convolutional neural network (hyBCNN) for improving the robustness against adversarial attacks and decreasing the computation time in the Bayesian inference phase. Our hyBCNN models are built from a part of BNN and CNN. Based on pre-trained CNNs, we only replace convolutional layers and activation function of the initial stage of CNNs with our Bayesian convolutional (BC) and Bayesian activation (BA) layers as a term of transfer learning. We keep the remainder of CNNs unchanged. We adopt the Bayes without Bayesian Learning (BwoBL) algorithm for hyBCNN networks to execute Bayesian inference towards adversarial robustness. Our proposal outperforms adversarial training and robust activation function, which are currently the outstanding defense methods of CNNs in the resistance to adversarial attacks such as PGD and C&W. Moreover, the proposed architecture with BwoBL can easily integrate into any pre-trained CNN, especially in scaling networks, e.g., ResNet and EfficientNet, with better performance on large-scale datasets. In particular, under l∞ norm PGD attack of pixel perturbation ε=4/255 with 100 iterations on ImageNet, our best hyBCNN EfficientNet reaches 93.92% top-5 accuracy without additional training.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2021EDP7239/_p
Copier
@ARTICLE{e105-d_7_1308,
author={Thi Thu Thao KHONG, Takashi NAKADA, Yasuhiko NAKASHIMA, },
journal={IEICE TRANSACTIONS on Information},
title={A Hybrid Bayesian-Convolutional Neural Network for Adversarial Robustness},
year={2022},
volume={E105-D},
number={7},
pages={1308-1319},
abstract={We introduce a hybrid Bayesian-convolutional neural network (hyBCNN) for improving the robustness against adversarial attacks and decreasing the computation time in the Bayesian inference phase. Our hyBCNN models are built from a part of BNN and CNN. Based on pre-trained CNNs, we only replace convolutional layers and activation function of the initial stage of CNNs with our Bayesian convolutional (BC) and Bayesian activation (BA) layers as a term of transfer learning. We keep the remainder of CNNs unchanged. We adopt the Bayes without Bayesian Learning (BwoBL) algorithm for hyBCNN networks to execute Bayesian inference towards adversarial robustness. Our proposal outperforms adversarial training and robust activation function, which are currently the outstanding defense methods of CNNs in the resistance to adversarial attacks such as PGD and C&W. Moreover, the proposed architecture with BwoBL can easily integrate into any pre-trained CNN, especially in scaling networks, e.g., ResNet and EfficientNet, with better performance on large-scale datasets. In particular, under l∞ norm PGD attack of pixel perturbation ε=4/255 with 100 iterations on ImageNet, our best hyBCNN EfficientNet reaches 93.92% top-5 accuracy without additional training.},
keywords={},
doi={10.1587/transinf.2021EDP7239},
ISSN={1745-1361},
month={July},}
Copier
TY - JOUR
TI - A Hybrid Bayesian-Convolutional Neural Network for Adversarial Robustness
T2 - IEICE TRANSACTIONS on Information
SP - 1308
EP - 1319
AU - Thi Thu Thao KHONG
AU - Takashi NAKADA
AU - Yasuhiko NAKASHIMA
PY - 2022
DO - 10.1587/transinf.2021EDP7239
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E105-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2022
AB - We introduce a hybrid Bayesian-convolutional neural network (hyBCNN) for improving the robustness against adversarial attacks and decreasing the computation time in the Bayesian inference phase. Our hyBCNN models are built from a part of BNN and CNN. Based on pre-trained CNNs, we only replace convolutional layers and activation function of the initial stage of CNNs with our Bayesian convolutional (BC) and Bayesian activation (BA) layers as a term of transfer learning. We keep the remainder of CNNs unchanged. We adopt the Bayes without Bayesian Learning (BwoBL) algorithm for hyBCNN networks to execute Bayesian inference towards adversarial robustness. Our proposal outperforms adversarial training and robust activation function, which are currently the outstanding defense methods of CNNs in the resistance to adversarial attacks such as PGD and C&W. Moreover, the proposed architecture with BwoBL can easily integrate into any pre-trained CNN, especially in scaling networks, e.g., ResNet and EfficientNet, with better performance on large-scale datasets. In particular, under l∞ norm PGD attack of pixel perturbation ε=4/255 with 100 iterations on ImageNet, our best hyBCNN EfficientNet reaches 93.92% top-5 accuracy without additional training.
ER -