融合迁移学习的对抗训练模型鲁棒性优化方法
A Model Robustness Optimization Method Integrating Transfer Learning and Adversarial Training
张兆祥 1李林娟 2谢刚2
作者信息
- 1. 太原科技大学电子信息工程学院,山西 太原 030024
- 2. 太原科技大学电子信息工程学院,山西 太原 030024;先进控制与装备智能化山西省重点实验室,山西 太原 030024
- 折叠
摘要
在图像分类网络中使用对抗训练方法会提高模型鲁棒性,但也会导致分类精度下降.为此,提出一种融合迁移学习的对抗训练鲁棒性优化方法.首先采用迁移学习中的模型迁移法提高网络对非鲁棒性特征的学习能力,并构造对抗样本;在损失函数中添加L2 正则化项,约束参数空间,加快对抗训练收敛速度;最后训练得到鲁棒的分类网络模型.在CIFAR-10和蚂蚁蜜蜂数据集上进行实验,实现了在三种对抗样本攻击下准确率分别提升 8.3%、36.7%、13.9%.实验结果表明,上述方法在提高模型鲁棒性的同时,分类精度也有所提高.
Abstract
In image classification networks,the adversarial training method is used to improve the robustness of the model.However,it can also bring a decrease in the classification accuracy of the model.To solve this problem,a new adversarial training approach incorporating transfer learning is proposed for robustness optimization.First,the model transfer strategy in transfer learning is adopted to enhance the learning ability of non-robust features,and then helps to construct adversarial samples.Second,the L2 regularization term is added to the loss function to constrain the parameter space and speed up the adversarial training convergence.In the end,the robust classification model is ob-tained through training.The experiments on the CIFAR-10 and Ant-Bee datasets achieve accuracy improvements of 8.3%,36.7%,and 13.9%,respectively,under three adversarial sample attacks.Experimental results demonstrate that the proposed method can improve the robustness of the model as well as the accuracy of classification.
关键词
迁移学习/对抗训练/对抗样本/鲁棒性/卷积神经网络Key words
Transfer learning/Adversarial training/Adversarial examples/Robustness/Convolutional neural net-works引用本文复制引用
基金项目
中央引导地方科技发展专项(YDZX201914 00002270)
山西省科技成果转化引导专项(201904D131023)
出版年
2024
NETL
NSTL
万方数据