Deep learning has been regarded as the "go-to" solution for many tasks today, but its intrinsic vulnerability to malicious attacks has become a major concern. The vulnerability is affected by a variety of factors including models, tasks, data, and attackers. Consequently, methods such as Adversarial Training and Randomized Smoothing have been proposed to tackle the problem in a wide range of applications. In this paper, we investigate skeleton-based Human Activity Recognition, which involves an important type of time-series data but is under-explored in defense against attacks. Our method features (1) a new Bayesian Energy-based formulation of robust discriminative classifiers, (2) a new parameterization of the adversarial sample manifold of actions, and (3) a new post-train Bayesian treatment on both the adversarial samples and the classifier. We name our framework Bayesian Energy-based Adversarial Training, or BEAT. BEAT is straightforward but elegant, turning vulnerable black-box classifiers into robust ones without sacrificing accuracy. It demonstrates surprising and universal effectiveness across a wide range of action classifiers and datasets, under various attacks.