Advops: Decoupling Adversarial Examples
PATTERN RECOGNITION(2024)
Zhejiang Univ
Abstract
Adversarial examples have a simple additive structure that the clean sample is added with delicate devised noise. Inspired by such an observation, we find that the prediction of the network on adversarial examples can also be decoupled into a simple additive structure, which is the sum of clean samples and adversarial perturbations in terms of the model prediction (called the decoupling principle). Thus, our findings can be served as a useful tool to gain insight into the underlying relationship between the inputs and the outputs of the model. However, although the adversarial examples generated by existing attack methods can satisfy the decoupling principle, the proportion is small. In this paper, we formulate the above issues as an optimization problem with multi-constrains, and we propose a generative model to generate adversarial examples that satisfy the decoupling principle and simultaneously obtain high attack performance. Specifically, we first adopt the adversarial loss to ensure the attack performance. Then, we devise a decouple loss to guarantee the decoupling principle. Moreover, we treat the Euclidean distances of perturbation as regularization terms to maintain visual quality. Extensive experiments against various networks on ImageNet and CIFAR10 show that the proposed method performs better than comparison methods in the comprehensive metric. Furthermore, transferability results suggested that adversarial examples that satisfy the decoupling principle show better transferability.
MoreTranslated text
Key words
Adversarial attack,Analysis of adversarial examples,Analysis of neural network
求助PDF
上传PDF
View via Publisher
AI Read Science
AI Summary
AI Summary is the key point extracted automatically understanding the full text of the paper, including the background, methods, results, conclusions, icons and other key content, so that you can get the outline of the paper at a glance.
Example
Background
Key content
Introduction
Methods
Results
Related work
Fund
Key content
- Pretraining has recently greatly promoted the development of natural language processing (NLP)
- We show that M6 outperforms the baselines in multimodal downstream tasks, and the large M6 with 10 parameters can reach a better performance
- We propose a method called M6 that is able to process information of multiple modalities and perform both single-modal and cross-modal understanding and generation
- The model is scaled to large model with 10 billion parameters with sophisticated deployment, and the 10 -parameter M6-large is the largest pretrained model in Chinese
- Experimental results show that our proposed M6 outperforms the baseline in a number of downstream tasks concerning both single modality and multiple modalities We will continue the pretraining of extremely large models by increasing data to explore the limit of its performance
Upload PDF to Generate Summary
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Data Disclaimer
The page data are from open Internet sources, cooperative publishers and automatic analysis results through AI technology. We do not make any commitments and guarantees for the validity, accuracy, correctness, reliability, completeness and timeliness of the page data. If you have any questions, please contact us by email: report@aminer.cn
Chat Paper
Summary is being generated by the instructions you defined