Adversarial attacks pose high security risks to modern deep learning systems. Adversarial training can significantly enhance the robustness of neural network models by suppressing non-robust features; however, the resulting models often suffer a significant accuracy loss on clean data. Ensemble training methods have emerged as promising defenses against adversarial attacks: by diversifying the vulnerabilities among the sub-models, they achieve robustness while maintaining accuracy comparable to standard training. However, existing ensemble methods scale poorly, because complexity grows rapidly as more sub-models are added to the ensemble. Moreover, in real-world applications it is difficult to deploy an ensemble of multiple sub-models, owing to tight hardware resource budgets and latency requirements. In this work, we propose ensemble-in-one (EIO), a simple but efficient way to train an ensemble within one random gated network (RGN). EIO augments the original model by replacing its parameterized layers with multi-path random gated blocks (RGBs) to construct an RGN. By diversifying the vulnerability of the numerous paths within the RGN, better robustness can be achieved. The approach is highly scalable because the number of paths within an EIO network grows exponentially with network depth. Our experiments demonstrate that EIO consistently outperforms previous ensemble training methods with even less computational overhead.
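The abstract describes the structure of a random gated network: each parameterized layer becomes a block with several candidate paths, a gate picks one path per block, and the set of end-to-end sub-models grows as (paths per block)^depth while the parameter count grows only linearly. The toy below is an added illustration of that structure, not the authors' EIO code: the gating rule (uniform random choice per forward pass), the use of plain linear paths with ReLU, the layer widths and the way an ensemble prediction is formed by averaging a few sampled paths are all assumptions made here to keep the example self-contained.

```python
import random
from typing import List, Sequence


class RandomGatedBlock:
    """One random gated block (RGB): k independent linear paths, one active per pass.

    Illustrative stand-in for the paper's RGB; weights are random and never trained here.
    """

    def __init__(self, in_dim: int, out_dim: int, n_paths: int, rng: random.Random):
        self.in_dim, self.out_dim, self.n_paths = in_dim, out_dim, n_paths
        # Each path has its own weight matrix (out_dim x in_dim) and bias vector.
        self.paths = [
            ([[rng.uniform(-1, 1) for _ in range(in_dim)] for _ in range(out_dim)],
             [rng.uniform(-1, 1) for _ in range(out_dim)])
            for _ in range(n_paths)
        ]

    def num_parameters(self) -> int:
        # Parameters grow linearly in the number of paths per block.
        return self.n_paths * (self.in_dim * self.out_dim + self.out_dim)

    def forward(self, x: Sequence[float], gate: int) -> List[float]:
        # Only the path selected by `gate` is evaluated; the others are inactive.
        w, b = self.paths[gate]
        return [sum(wi * xi for wi, xi in zip(row, x)) + bi for row, bi in zip(w, b)]


class RandomGatedNetwork:
    """A toy RGN: a chain of RGBs whose gates are resampled on every forward pass."""

    def __init__(self, dims: Sequence[int], n_paths: int, seed: int = 0):
        self.rng = random.Random(seed)  # fixed seed so the example is reproducible
        self.n_paths = n_paths
        self.blocks = [
            RandomGatedBlock(dims[i], dims[i + 1], n_paths, self.rng)
            for i in range(len(dims) - 1)
        ]

    def num_paths(self) -> int:
        # Every block chooses independently, so there are k ** depth distinct sub-models.
        return self.n_paths ** len(self.blocks)

    def num_parameters(self) -> int:
        return sum(b.num_parameters() for b in self.blocks)

    def sample_gates(self) -> List[int]:
        # One gate index per block; together they identify a single end-to-end path.
        return [self.rng.randrange(self.n_paths) for _ in self.blocks]

    def forward(self, x: Sequence[float], gates: Sequence[int]) -> List[float]:
        h = list(x)
        for i, (block, g) in enumerate(zip(self.blocks, gates)):
            h = block.forward(h, g)
            if i < len(self.blocks) - 1:          # ReLU between blocks, none on the output
                h = [max(0.0, v) for v in h]
        return h

    def ensemble_predict(self, x: Sequence[float], n_members: int) -> List[float]:
        # An ensemble drawn from one network: average the outputs of a few sampled paths.
        outs = [self.forward(x, self.sample_gates()) for _ in range(n_members)]
        return [sum(col) / n_members for col in zip(*outs)]


if __name__ == "__main__":
    net = RandomGatedNetwork(dims=[4, 8, 8, 3], n_paths=3)
    x = [0.5, -0.2, 0.1, 0.9]  # constructed sample input
    print("distinct paths:", net.num_paths(), "parameters:", net.num_parameters())
    print("one path:", net.forward(x, net.sample_gates()))
    print("5-member ensemble:", net.ensemble_predict(x, 5))
```

Doubling the depth squares the number of available sub-models while only doubling the parameter count, which is the scalability argument the abstract makes; a deployed EIO model still evaluates one path per pass, so its per-inference cost stays that of a single network rather than of a conventional ensemble.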