File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Conference Paper: Less is more: Culling the training set to improve robustness of deep neural networks

TitleLess is more: Culling the training set to improve robustness of deep neural networks
Authors
Liu, YongshuaiChen, JiyuChen, Hao
Issue Date2018
Citation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2018, v. 11199 LNCS, p. 102-114 How to Cite?
DOI: http://dx.doi.org/10.1007/978-3-030-01554-1_6
AbstractDeep neural networks are vulnerable to adversarial examples. Prior defenses attempted to make deep networks more robust by either changing the network architecture or augmenting the training set with adversarial examples, but both have inherent limitations. Motivated by recent research that shows outliers in the training set have a high negative influence on the trained model, we studied the relationship between model robustness and the quality of the training set. We first show that outliers give the model better generalization ability but weaker robustness. Next, we propose an adversarial example detection framework, in which we design two methods for removing outliers from training set to obtain the sanitized model and then detect adversarial example by calculating the difference of outputs between the original and the sanitized model. We evaluated the framework on both MNIST and SVHN. Based on the difference measured by Kullback-Leibler divergence, we could detect adversarial examples with accuracy between 94.67% to 99.89%.
Persistent Identifierhttp://hdl.handle.net/10722/346685
ISSN
0302-9743
2023 SCImago Journal Rankings: 0.606

 

DC FieldValueLanguage
dc.contributor.authorLiu, Yongshuai-
dc.contributor.authorChen, Jiyu-
dc.contributor.authorChen, Hao-
dc.date.accessioned2024-09-17T04:12:35Z-
dc.date.available2024-09-17T04:12:35Z-
dc.date.issued2018-
dc.identifier.citationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2018, v. 11199 LNCS, p. 102-114-
dc.identifier.issn0302-9743-
dc.identifier.urihttp://hdl.handle.net/10722/346685-
dc.description.abstractDeep neural networks are vulnerable to adversarial examples. Prior defenses attempted to make deep networks more robust by either changing the network architecture or augmenting the training set with adversarial examples, but both have inherent limitations. Motivated by recent research that shows outliers in the training set have a high negative influence on the trained model, we studied the relationship between model robustness and the quality of the training set. We first show that outliers give the model better generalization ability but weaker robustness. Next, we propose an adversarial example detection framework, in which we design two methods for removing outliers from training set to obtain the sanitized model and then detect adversarial example by calculating the difference of outputs between the original and the sanitized model. We evaluated the framework on both MNIST and SVHN. Based on the difference measured by Kullback-Leibler divergence, we could detect adversarial examples with accuracy between 94.67% to 99.89%.-
dc.languageeng-
dc.relation.ispartofLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)-
dc.titleLess is more: Culling the training set to improve robustness of deep neural networks-
dc.typeConference_Paper-
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.doi10.1007/978-3-030-01554-1_6-
dc.identifier.scopuseid_2-s2.0-85055866792-
dc.identifier.volume11199 LNCS-
dc.identifier.spage102-
dc.identifier.epage114-
dc.identifier.eissn1611-3349-

Export via OAI-PMH Interface in XML Formats

OR

Export to Other Non-XML Formats