基于Fisher信息矩阵特征值的对抗样本防御



活动地点:校本部东区计算机楼402

活动时间:2020-11-09 10:00:00

报 告 人: 沈超敏,华东师范大学计算机科学与技术学院

报告时间:11月9日(周一)10:00-12:00

报告地点:校本部东区计算机学院402

邀 请 人:韩越兴 副教授

报告摘要:

We propose a scheme, named SEAL (Suppressing Eigenvalue in Adversarial Learning), for defending against adversarial attacks by suppressing the largest eigenvalue of the Fisher information matrix (FIM). SEAL is based on the following observation: adversarial phenomenon may occur when the FIM, which is a connection between the input and output in the neural network, has large eigenvalue(s). This observation makes the adversarial defense possible by controlling the eigenvalues of the FIM. Our solution is adding a regularization term to the loss function of the original network. The term represents the maximum eigenvalue or the trace of the FIM, as its eigenvalues are bounded by the trace. SEAL does not require any modification of the network structure. Our adversarial robustness is verified by experiments using a variety of standard attacking methods on typical deep neural networks, e.g. LeNet, VGG and ResNet, with datasets MNIST, CIFAR10, and German Traffic Sign Recognition Benchmark (GTSRB). SEAL decreases the fooling ratio of the generated adversarial examples significantly, and remains the classification accuracy of the original network. 

报告人简介:

沈超敏,华东师范大学计算机科学与技术学院副教授。从事人工智能在图像处理中的理论和应用研究,包括深度学习下的对抗防御、骨科手术导航、MRI快速重建等。主持国家自然基金面上项目和横向项目,作为学术骨干承担973、国家自然基金重点项目。在国际重要学术期刊和会议上发表学术论文40余篇,包括CCF A、SCI 1区的论文多篇。任数学图像联盟 (Union of Mathematical Imaging, UMI) 秘书长、上海力学会交通流与数据科学专业委员会委员。作为指导教师,指导学生在第三届图像计算与数字医学国际研讨会(ISICDM 2019) 肝脏分割挑战赛上获二等奖。


  • 快速导航
  • 国际交流

版权所有 © 上海大学   沪ICP备09014157   地址:上海市宝山区上大路99号   邮编:200444   电话总机:021-96928188   校内电话查询
互联网违法和不良信息举报   举报电话   举报邮箱   沪公网安备31009102000049号
技术支持:上海大学信息化工作办公室   联系我们