| 一种基于知识蒸馏的神经网络鲁棒性迁移方法 |
| |
| 引用本文: | 张维,易平. 一种基于知识蒸馏的神经网络鲁棒性迁移方法[J]. 信息安全学报, 2021, 6(4): 60-71 |
| |
| 作者姓名: | 张维 易平 |
| |
| 作者单位: | 上海交通大学网络空间安全学院 上海 中国 200240 |
| |
| 基金项目: | 本课题得到国家重点研发计划(No.2019YFB1405000)资助。 |
| |
| 摘 要: | 近几年来,深度神经网络在多个领域展现了非常强大的应用能力,但是研究者们发现,通过在输入上添加难以察觉的扰动,可以改变神经网络的输出决策,这类样本被称为对抗样本.目前防御对抗样本,最常见的方法是对抗训练,但是对抗训练有着非常高的训练代价.我们提出了一种知识蒸馏的鲁棒性迁移方案(Robust-KD),结合特征图与雅克比矩阵...
|
| 关 键 词: | 对抗样本 模型鲁棒性 迁移学习 知识蒸馏 |
| 收稿时间: | 2020-10-14 |
| 修稿时间: | 2020-12-08 |
A Robust Transfer Method of Neural Network based on Knowledge Distillation |
| |
| ZHANG Wei,YI Ping. A Robust Transfer Method of Neural Network based on Knowledge Distillation[J]. Journal of Cyber Security, 2021, 6(4): 60-71 |
| |
| Authors: | ZHANG Wei YI Ping |
| |
| Affiliation: | School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China |
| |
| Abstract: | In recent years, neural networks have shown very powerful performance in many fields, but researchers have found that by adding imperceptible interference to the input, neural network decisions can be changed. Such samples are called adversarial samples. At present, the most common method for defending adversarial examples is adversarial training, but the training cost of adversarial training is very high. We propose a knowledge purification scheme (Robust-KD) combining feature maps and Jacobian matrix constraints. By migrating robust features from a robust network, we can obtain considerable white box defense capabilities at relatively low training costs. We have conducted a lot of experiments on the Cifar10, Cifar100 and ImageNet datasets. Experiments have proved the effectiveness of the scheme. Even under a very powerful white box attack, our model still has good classification accuracy. |
| |
| Keywords: | adversarial examples model robustness transfer learning knowledge distillation |
|
| 点击此处可从《信息安全学报》浏览原始摘要信息 |
|
点击此处可从《信息安全学报》下载免费的PDF全文 |
|
