1. NESTEROV ACCELERATED GRADIENT AND SCALE INVARIANCE FOR ADVERSARIAL ATTACKS (ICLR)
contribution: Nesterov Iterative Fast Gradient Sign Method (NI-FGSM) and Scale-Invariant attack Method (SIM)
preliminary:
- Fast Gradient Sign Method (FGSM).
- Iterative Fast Gradient Sign Method (I-FGSM)
- Projected Gradient Descent (PGD)
- Momentum Iterative Fast Gradient Sign Method (MI-FGSM)
- Diverse Input Method (DIM)
- Translation-Invariant Method (TIM)
- Carlini & Wagner attack (C&W).
defence methods:
- Adversarial Training.
- Input Modification.
methodology:
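motivation: The adversarial examples can be viewed as the training parameters of the model. Then, in the testing phase, the black-box models used to evaluate the adversarial examples can be viewed as the testing data of the model. From the perspective of optimization, the transferability of adversarial examples is similar to the generalization ability of trained models.
From this perspective, we carry methods for improving model generalization over to improving the transferability of adversarial examples. Methods for improving generalization fall mainly into two categories: 1. better optimization algorithms (the Adam optimizer, etc.); 2. data augmentation.
Accordingly, the corresponding methods for adversarial example transfer are: 1. better optimization algorithms (introducing momentum into the optimization that generates adversarial examples, which alleviates the trade-off between the attack ability and the transferability); 2. model augmentation (choosing more models to attack during the attack). In this paper, these correspond to NI-FGSM and SIM.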
NI-FGSM
Before introducing NI-FGSM, we need to introduce the Nesterov Accelerated Gradient method. The formula for the traditional momentum method is as follows:

At this point, however, consider the gradient update: substituting the update formula for $v_t$ into the position update gives

$$x_t = x_{t-1} - v_t = x_{t-1} - \gamma v_{t-1} - \eta_t \nabla f_t$$




