Abstract
Deep neural networks show superior performance on a wide range of tasks but are vulnerable to adversarial attacks. Most defenses are built on adversarial training, yet adversarial training alone rarely reaches satisfactory robustness. We attribute this mainly to the fact that, in the white-box setting, loss-increasing perturbations can always be found by gradient ascent on the input. Noise can be injected to stop an attacker from deriving precise input gradients, but this trades defensive capability against natural generalization. Exploiting the properties of random projection, we propose replacing part of a network's convolutional filters with random projection filters, and we analyze theoretically, via the Johnson-Lindenstrauss lemma, how well the resulting synthesized filters preserve the geometry of the representation. We evaluate extensively on multiple networks and datasets; the results show that the proposed random projection filters outperform state-of-the-art baselines. The code is available on GitHub. © 2023 IEEE.
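The two ingredients the abstract names, a convolutional filter bank in which part of the filters are replaced by frozen random projection filters, and a Johnson-Lindenstrauss check that pairwise distances between input patches survive the projection, as an added illustration in pure Python. This is not the paper's released code: it uses a single-channel image, stride 1 and no padding, and the sample image, the two hand-written "learned" edge filters standing in for trained ones, the keep/replace split, the channel counts and the `run_demo` wrapper are all constructed here for illustration.

```python
"""Partly random convolutional filter bank with a Johnson-Lindenstrauss check.

Added illustration, not the paper's released code. Pure Python: single-channel
image, stride 1, no padding. The sample image, the two hand-written "learned"
edge filters, the keep/replace split and the channel count are constructed here.
"""
import math
import random


def extract_patches(image, k):
    """im2col view of a 2-D image: every k x k window, flattened row-major."""
    h, w = len(image), len(image[0])
    return [[image[r + i][c + j] for i in range(k) for j in range(k)]
            for r in range(h - k + 1) for c in range(w - k + 1)]


def random_projection_filters(m, d, rng):
    """m frozen filters of d weights, entries ~ N(0, 1/m), so that
    E[||R x||^2] = ||x||^2 for every patch x (the scaling the JL lemma uses)."""
    sigma = 1.0 / math.sqrt(m)
    return [[rng.gauss(0.0, sigma) for _ in range(d)] for _ in range(m)]


def synthesize_filter_bank(learned, n_keep, m_random, rng):
    """Keep the first n_keep learned filters and replace the remainder of the
    bank with m_random random projection filters. The split is a free choice."""
    d = len(learned[0])
    return learned[:n_keep] + random_projection_filters(m_random, d, rng)


def apply_filters(patches, bank):
    """Convolution output at every position: one dot product per filter."""
    return [[sum(p * w for p, w in zip(patch, f)) for f in bank]
            for patch in patches]


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def max_distortion(patches, responses, first, last):
    """Worst | ||R(x-y)||^2 / ||x-y||^2 - 1 | over all patch pairs, measured on
    output channels first..last-1 (the random projection part of the bank).
    Pairs of identical patches are skipped: both distances are zero there."""
    worst = 0.0
    n = len(patches)
    for i in range(n):
        for j in range(i + 1, n):
            orig = sq_dist(patches[i], patches[j])
            if orig == 0.0:
                continue
            proj = sq_dist(responses[i][first:last], responses[j][first:last])
            worst = max(worst, abs(proj / orig - 1.0))
    return worst


def jl_min_filters(n_points, eps):
    """Number of Gaussian projection dimensions the Dasgupta-Gupta proof of the
    JL lemma asks for so that all pairwise distances among n_points points are
    preserved within a (1 +/- eps) factor: k >= 4 ln n / (eps^2/2 - eps^3/3)."""
    return math.ceil(4.0 * math.log(n_points) / (eps ** 2 / 2.0 - eps ** 3 / 3.0))


def constructed_image(size=14):
    """Synthetic 14x14 image (constructed, not a dataset sample). Rows 7-13
    repeat rows 0-6, so the windows at row 0 and row 7 are identical and the
    zero-distance skip in max_distortion is exercised."""
    half = size // 2
    base = [[((r * r + 3 * r * c + 7 * c) % 13) / 12.0 for c in range(size)]
            for r in range(half)]
    return base + [row[:] for row in base]


def edge_filters(k):
    """Two hand-written k x k edge detectors standing in for trained filters."""
    horiz = [(-1.0 if i < k // 2 else 1.0 if i > k // 2 else 0.0)
             for i in range(k) for _ in range(k)]
    vert = [(-1.0 if j < k // 2 else 1.0 if j > k // 2 else 0.0)
            for _ in range(k) for j in range(k)]
    return [horiz, vert]


def run_demo(m_random=256, k=7, seed=0):
    """Build the mixed bank, run it over the image and return the distortion
    of the random projection channels next to the JL bound for comparison."""
    rng = random.Random(seed)
    patches = extract_patches(constructed_image(), k)
    learned = edge_filters(k)
    bank = synthesize_filter_bank(learned, n_keep=len(learned),
                                  m_random=m_random, rng=rng)
    responses = apply_filters(patches, bank)
    return {
        "patches": len(patches),
        "channels": len(bank),
        "distortion": max_distortion(patches, responses, len(learned), len(bank)),
        "jl_bound_eps_0.5": jl_min_filters(len(patches), 0.5),
    }


if __name__ == "__main__":
    for m in (16, 256):
        print(m, run_demo(m_random=m))
```

Running it with 16 and then 256 random filters shows the effect the lemma predicts: the worst-case distance distortion over all patch pairs shrinks as the number of random channels grows, while the learned channels are untouched. The Dasgupta-Gupta count returned alongside is a sufficient condition with a conservative constant, not a necessary one, so the measured distortion is usually well inside the bound long before that many filters are used.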
Original language | English |
---|---|
Title of host publication | Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023 |
Place of Publication | Los Alamitos, Calif. |
Publisher | IEEE Computer Society |
Pages | 4077-4086 |
Number of pages | 10 |
ISBN (Electronic) | 9798350301298 |
ISBN (Print) | 9798350301304 |
Publication status | Published - 2023 |
Externally published | Yes |
Event | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2023), Vancouver Convention Center, Vancouver, Canada. Duration: 18 Jun 2023 → 22 Jun 2023. https://cvpr2023.thecvf.com/Conferences/2023 ; https://openaccess.thecvf.com/menu ; https://ieeexplore.ieee.org/xpl/conhome/1000147/all-proceedings |
Publication series
Name | Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition |
---|---|
Volume | 2023-June |
ISSN (Print) | 1063-6919 |
ISSN (Electronic) | 2575-7075 |
Conference
Conference | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2023) |
---|---|
Abbreviated title | CVPR2023 |
Country/Territory | Canada |
City | Vancouver |
Period | 18/06/23 → 22/06/23 |
Funding
This work was supported in part by the Australian Research Council under Project DP210101859 and the University of Sydney Research Accelerator (SOAR) Prize. The authors acknowledge the use of the National Computational Infrastructure (NCI), which is supported by the Australian Government and accessed through the NCI Adapter Scheme and the Sydney Informatics Hub HPC Allocation Scheme. The AI training platform supporting this work was provided by High-Flyer AI (Hangzhou High-Flyer AI Fundamental Research Co., Ltd.).
Research Keywords
- Adversarial attack and defense