SARAF: Searching for Adversarial Robust Activation Functions
2023 (English). In: ACM International Conference Proceeding Series, Association for Computing Machinery, 2023, p. 174-182. Conference paper, Published paper (Refereed)
Abstract [en]
Convolutional Neural Networks (CNNs) have received great attention in the computer vision domain. However, CNNs are vulnerable to adversarial attacks, which are manipulations of input data that are imperceptible to humans but can fool the network. Several studies tried to address this issue, which can be divided into two categories: (i) training the network with adversarial examples, and (ii) optimizing the network architecture and/or hyperparameters. Although adversarial training is a sufficient defense mechanism, it suffers from requiring a large volume of training samples to cover a wide perturbation bound. Tweaking network activation functions (AFs) has been shown to provide promising results where CNNs suffer from performance loss. However, optimizing network AFs for compensating the negative impacts of adversarial attacks has not been addressed in the literature. This paper proposes the idea of searching for AFs that are robust against adversarial attacks. To this aim, we leverage the Simulated Annealing (SA) algorithm with a fast convergence time. This proposed method is called SARAF. We demonstrate the consistent effectiveness of SARAF by achieving up to 16.92%, 18.3%, and 15.57% accuracy improvement against BIM, FGSM, and PGD adversarial attacks, respectively, over ResNet-18 with ReLU AFs (baseline) trained on CIFAR-10. Meanwhile, SARAF provides a significant search efficiency compared to random search as the optimization baseline.
Place, publisher, year, edition, pages
Association for Computing Machinery, 2023. p. 174-182
Keywords [en]
Activation Function, Adversarial Attack, Convolutional Neural Network, Optimization, Robustness, Chemical activation, Convolution, Convolutional neural networks, Network architecture, Activation functions, Defence mechanisms, Hyper-parameter, Input datas, Large volumes, Network activations, Optimisations, Simulated annealing
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-63891
DOI: 10.1145/3589572.3589598
Scopus ID: 2-s2.0-85163400963
ISBN: 9781450399531 (print)
OAI: oai:DiVA.org:mdh-63891
DiVA, id: diva2:1783155
Conference
6th International Conference on Machine Vision and Applications, ICMVA 2023, Singapore, Singapore, 10 March 2023 through 12 March 2023
2023-07-19 2023-07-19 2023-07-19 Bibliographically approved