Learning Activation Functions for Adversarial Attack Resilience in CNNs
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
2023 (English). In: Lect. Notes Comput. Sci., Springer Science and Business Media Deutschland GmbH, 2023, p. 203-214. Conference paper, Published paper (Refereed)
Abstract [en]

Adversarial attacks on convolutional neural networks (CNNs) have been a serious concern in recent years, as they can cause CNNs to produce inaccurate predictions. Through our analysis of training CNNs with adversarial examples, we discovered that this was primarily caused by naïvely selecting ReLU as the default choice for activation functions. In contrast to the focus of recent works on proposing adversarial training methods, we study the feasibility of an innovative alternative: learning novel activation functions to make CNNs more resilient to adversarial attacks. In this paper, we propose a search framework that combines simulated annealing and late acceptance hill-climbing to find activation functions that are more robust against adversarial attacks in CNN architectures. The proposed search method has superior search convergence compared to commonly used baselines. The proposed method improves the resilience to adversarial attacks by achieving up to 17.1%, 22.8%, and 16.6% higher accuracy against BIM, FGSM, and PGD attacks, respectively, over ResNet-18 trained on the CIFAR-10 dataset.

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2023. p. 203-214
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 14125 LNAI
Keywords [en]
Activation Function, Adversarial Attack, Convolutional Neural Network, Robustness, Activation analysis, Chemical activation, Convolution, Convolutional neural networks, Activation functions, Attack resiliences, High-accuracy, Hill climbing, Neural network architecture, Search method, Training methods, Simulated annealing
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-64441
DOI: 10.1007/978-3-031-42505-9_18
Scopus ID: 2-s2.0-85172420687
ISBN: 9783031425042 (print)
OAI: oai:DiVA.org:mdh-64441
DiVA, id: diva2:1802768
Conference
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Available from: 2023-10-05. Created: 2023-10-05. Last updated: 2023-10-05. Bibliographically approved.

Open Access in DiVA

No full text in DiVA


Authority records

Salimi, Maghsood; Loni, Mohammad; Sirjani, Marjan
