Understanding adversarial robustness via critical attacking route

Tianlin Li, Aishan Liu, Xianglong Liu, Yitao Xu, Chongzhi Zhang, Xiaofei Xie

Research output: Contribution to journal › Article › peer-review

1 citation (Scopus)

Abstract

Deep neural networks (DNNs) are vulnerable to adversarial examples, which are generated by adding imperceptible perturbations to inputs. Understanding the adversarial robustness of DNNs has become an important issue, and would certainly lead to better practical deep learning applications. To address this issue, we try to explain the adversarial robustness of deep models from a new perspective, the critical attacking route, which is computed by a gradient-based influence propagation strategy. Similar to rumor spreading in social networks, we believe that adversarial noise is amplified and propagated through the critical attacking route. By exploiting neurons' influences layer by layer, we compose the critical attacking route from the neurons that make the highest contributions to the model decision. In this paper, we first draw the close connection between adversarial robustness and the critical attacking route, as the route makes the most non-trivial contributions to model predictions in the adversarial setting. By constraining the propagation process and node behaviors on this route, we can weaken the noise propagation and improve model robustness. We also find that critical attacking neurons are useful for evaluating sample adversarial hardness: images with higher stimulus on these neurons are more easily perturbed into adversarial examples.
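The abstract describes computing the critical attacking route with a gradient-based influence propagation strategy, selecting the neurons that contribute most to the model decision layer by layer. The paper's exact formulation is not reproduced here; the following is a minimal sketch assuming a PyTorch model, where ReLU outputs stand in for "neurons" and influence is scored as |gradient × activation| with a top-k selection per layer. These choices are illustrative assumptions, not the authors' method.

```python
import torch
import torch.nn as nn

def critical_attacking_route(model, x, target_class, top_k=5):
    """Sketch: pick the top-k most influential units per ReLU layer for one input."""
    activations, hooks = {}, []

    def save_activation(name):
        def hook(module, inp, out):
            out.retain_grad()          # keep gradients of this intermediate activation
            activations[name] = out
        return hook

    # Treat ReLU outputs as the "neurons" whose influence we measure (an assumption).
    for name, module in model.named_modules():
        if isinstance(module, nn.ReLU):
            hooks.append(module.register_forward_hook(save_activation(name)))

    model.eval()
    logits = model(x)
    # Back-propagate the logit of the class of interest to obtain per-neuron gradients.
    logits[0, target_class].backward()

    route = {}
    for name, act in activations.items():
        # Influence score: |gradient * activation| per unit (a common attribution choice).
        influence = (act.grad * act).abs().flatten(start_dim=1)
        k = min(top_k, influence.shape[1])
        route[name] = influence.topk(k, dim=1).indices.squeeze(0)

    for h in hooks:
        h.remove()
    return route

# Illustrative usage with a small torchvision model (hypothetical example):
# from torchvision import models
# net = models.resnet18(weights=None)
# x = torch.randn(1, 3, 224, 224)
# route = critical_attacking_route(net, x, target_class=0)
```

Under this sketch, constraining or suppressing the selected units would loosely correspond to the paper's idea of restricting node behaviors on the route to weaken noise propagation.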

Original language: English
Pages (from-to): 568-578
Number of pages: 11
Journal: Information Sciences
Volume: 547
DOI
Publication status: Published - Feb 8 2021
Externally published: Yes

All Science Journal Classification (ASJC) codes

  • Software
  • Control and Systems Engineering
  • Theoretical Computer Science
  • Computer Science Applications
  • Information Systems and Management
  • Artificial Intelligence
