Despite their appealing flexibility, deep neural networks (DNNs) are vulnerable to adversarial examples. Various adversarial defense strategies have been proposed to resolve this problem, but they typically demonstrate restricted practicability owing to insurmountable compromises on universality, effectiveness, or efficiency. In this work, we propose a more practical approach, Lightweight Bayesian Refinement (LiBRe), in the spirit of leveraging Bayesian neural networks (BNNs) for adversarial detection. Empowered by task- and attack-agnostic modeling under the Bayes principle, LiBRe can endow a variety of pre-trained task-dependent DNNs with the ability to defend against heterogeneous adversarial attacks at a low cost. We develop and integrate advanced learning techniques to make LiBRe appropriate for adversarial detection. Concretely, we build the few-layer deep ensemble variational and adopt the pre-training & fine-tuning workflow to boost the effectiveness and efficiency of LiBRe. We further provide a novel insight to realise adversarial detection-oriented uncertainty quantification without inefficiently crafting adversarial examples during training. Extensive empirical studies covering a wide range of scenarios verify the practicability of LiBRe. We also conduct thorough ablation studies to evidence the superiority of our modeling and learning strategies.