https://www.mdu.se/

mdu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
SARAF: Searching for Adversarial Robust Activation Functions
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.ORCID iD: 0000-0003-0416-1787
Show others and affiliations
2023 (English)In: ACM International Conference Proceeding Series, Association for Computing Machinery , 2023, p. 174-182Conference paper, Published paper (Refereed)
Abstract [en]

Convolutional Neural Networks (CNNs) have received great attention in the computer vision domain. However, CNNs are vulnerable to adversarial attacks, which are manipulations of input data that are imperceptible to humans but can fool the network. Several studies tried to address this issue, which can be divided into two categories: (i) training the network with adversarial examples, and (ii) optimizing the network architecture and/or hyperparameters. Although adversarial training is a sufficient defense mechanism, they suffer from requiring a large volume of training samples to cover a wide perturbation bound. Tweaking network activation functions (AFs) has been shown to provide promising results where CNNs suffer from performance loss. However, optimizing network AFs for compensating the negative impacts of adversarial attacks has not been addressed in the literature. This paper proposes the idea of searching for AFs that are robust against adversarial attacks. To this aim, we leverage the Simulated Annealing (SA) algorithm with a fast convergence time. This proposed method is called SARAF. We demonstrate the consistent effectiveness of SARAF by achieving up to 16.92%, 18.3%, and 15.57% accuracy improvement against BIM, FGSM, and PGD adversarial attacks, respectively, over ResNet-18 with ReLU AFs (baseline) trained on CIFAR-10. Meanwhile, SARAF provides a significant search efficiency compared to random search as the optimization baseline.

Place, publisher, year, edition, pages
Association for Computing Machinery , 2023. p. 174-182
Keywords [en]
Activation Function, Adversarial Attack, Convolutional Neural Network, Optimization, Robustness, Chemical activation, Convolution, Convolutional neural networks, Network architecture, Activation functions, Defence mechanisms, Hyper-parameter, Input datas, Large volumes, Network activations, Optimisations, Simulated annealing
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-63891DOI: 10.1145/3589572.3589598Scopus ID: 2-s2.0-85163400963ISBN: 9781450399531 (print)OAI: oai:DiVA.org:mdh-63891DiVA, id: diva2:1783155
Conference
6th International Conference on Machine Vision and Applications, ICMVA 2023, Singapore, Singapore, 10 March 2023 through 12 March 2023
Available from: 2023-07-19 Created: 2023-07-19 Last updated: 2023-07-19Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Salimi, MaghsoodLoni, MohammadSirjani, MarjanCicchetti, AntonioAbbaspour Asadollah, Sara

Search in DiVA

By author/editor
Salimi, MaghsoodLoni, MohammadSirjani, MarjanCicchetti, AntonioAbbaspour Asadollah, Sara
By organisation
Embedded Systems
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 82 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf