advanced
Volume 19 Issue 5
October  2022
Turn off MathJax
Article Contents
Relative Articles
Kai-Yuan Liu, Xing-Yu Li, Yu-Rui Lai, Hang Su, Jia-Chen Wang, Chun-Xu Guo, Hong Xie, Ji-Song Guan, Yi Zhou. Denoised Internal Models: A Brain-inspired Autoencoder Against Adversarial Attacks. Machine Intelligence Research, vol. 19, no. 5, pp.456-471, 2022. https://doi.org/10.1007/s11633-022-1375-7
Citation: Kai-Yuan Liu, Xing-Yu Li, Yu-Rui Lai, Hang Su, Jia-Chen Wang, Chun-Xu Guo, Hong Xie, Ji-Song Guan, Yi Zhou. Denoised Internal Models: A Brain-inspired Autoencoder Against Adversarial Attacks. Machine Intelligence Research, vol. 19, no. 5, pp.456-471, 2022. https://doi.org/10.1007/s11633-022-1375-7
shu

Denoised Internal Models: A Brain-inspired Autoencoder Against Adversarial Attacks

doi: 10.1007/s11633-022-1375-7
  • 1.

    School of Life Sciences and Technology, ShanghaiTech University, Shanghai 201210, China

  • 2.

    Shanghai Center for Brain Science and Brain-inspired Technology, Shanghai 201602, China

  • 3.

    School of Life Sciences, Tsinghua University, Beijing 100084, China

  • 4.

    National Engineering Laboratory for Brain-inspired Intelligence Technology and Application, School of Information Science and Technology, University of Science and Technology of China, Hefei 230026, China

  • 5.

    Institute of Photonic Chips, University of Shanghai for Science and Technology, Shanghai 200093, China

  • 6.

    Centre for Artificial-intelligence Nanophotonics, School of Optical-electrical and Computer Engineering, University of Shanghai for Science and Technology, Shanghai 200093, China

More Information
  • Author Bio:

    Kai-Yuan Liu received the B. Sc. degree in applied mathematics from Tsinghua University, China in 2017. Currently, he is a Ph. D. degree candidate in biology at School of Life Sciences, Tsinghua University, China.His research interests include memory-coding mechanism in neural system, deep learning, brain-inspired intelligence, and pattern recognition.E-mail: liu-ky17@mails.tsinghua.edu.cnORCID iD: 0000-0003-2188-5082

    Xing-Yu Li received the B. Sc. degree in applied physics from Anhui Jianzhu University, China in 2011, the M. Sc. degree in computer science from University of California, USA in 2020, and the Ph. D. degree in atomic and molecular physics from University of Science and Technology of China, China in 2017. Currently, he is a post-doctoral researcher with Shanghai Center for Brain Science and Brain-Inspired Technology, China.His research interests include deep learning, brain-inspired intelligence, and pattern recognition.E-mail: xyli1905@bsbii.cnORCID iD: 0000-0002-0043-316X

    Yu-Rui Lai received the B. Eng. degree in computer science and technology from ShanghaiTech University, China in 2021. He is currently a master student in computer science and technology, ShanghaiTech University, China.His research interests include brain-inspired deep learning, model compression, graph neural network.E-mail: laiyr@shanghaitech.edu.cn

    Hang Su received B. Eng. degree in computer science and the technology from ShanghaiTech University, China in 2021. He is currently a master student with School of Information Science and Technology, ShanghaiTech University, China.His research interests include simultaneous localization and mapping (SLAM), computer vision, and deep learning.E-mail: suhang@shanghaitech.edu.cn

    Jia-Chen Wang received the B. Eng. degree in computer science and the technology from ShanghaiTech University, China in 2022, and is currently a master student in electronic and computer engineering at University of Michigan, USA.His research interests include multi-agent reinforcement learning and game theory.E-mail: wangjch2@shanghaitech.edu.cn

    Chun-Xu Guo is a master student in biomedical engineering at ShanghaiTech University, China in 2022. He was a research assistant at Guan Laboratory, ShanghaiTech University, China in 2020. He is currently a research assistant in IDEALab at School of Biomedical Engineering, ShanghaiTech University, China.His research interests include medical image analysis, MRI reconstruction, and neuro-computation.E-mail: guochx@shanghaitech.edu.cn

    Hong Xie received the B. Sc. degree in life sciences from Wuhan University, China in 2001, and the Ph.D. degree in life sciences from Institute of neuroscience, Chinese Academy of Sciences, China in 2006. From 2007 to 2010, she was a post-doctoral researcher with Harvard Medical School Massachusetts General Hospital, USA. From 2011 to 2018, she was a assistant investigator with School of Life Sciences, Tsinghua University, China. From 2018 to 2021, she was an associate investigator with Zhangjiang Laboratory Brain and Intelligence Technology Research Institute, China. She is now an associate professor with University of Shanghai for Science and Technology, China. She has authored or co-authored several peer-reviewed papers in top international journals, including Nature Communication, Journal of Neuroscience and PNAS.Her research interests include the memory-coding mechanism and neural circuit of learning and memory in the mammalian brain.E-mail: hongxie@usst.edu.cn

    Ji-Song Guan received the B. Sc. degree in life sciences from Nanjing University, China in 2001, and the Ph. D. degree in life sciences from Institute of neuroscience, Chinese Academy of Sciences, China in 2006. From 2006 to 2010, he was a post-doctoral researcher with Massachusetts Institute of Technology (MIT), USA. From 2011 to 2017, he was a professor (associate) with School of Life Sciences, Tsinghua University, China. From 2017 to 2021, he was an associate professor (tenure-track) with School of Life Science and Technology, ShanghaiTech University, China. He is now an associate professor (tenured) with School of Life Science and Technology, ShanghaiTech University, China. He has authored or co-authored several peer-reviewed papers in top international journals, including Nature, Cell, Nature Neuroscience, Neuron, Nature Communications and PNAS.His research interests include the memory-coding mechanism and neural circuit of learning and memory in the mammalian brain.E-mail: guanjs@shanghaitech.edu.cn (Corresponding author)ORCID iD: 0000-0001-5219-0289

    Yi Zhou received the B. Eng. degree (special class for gifted young (SCGY)) and the Ph. D. degree in computer science from University of Science and Technology of China, China in 2001 and 2006, respectively. From 2006 to 2011, he was a post-doctoral researcher with West Sydney University (WSU), Australia. He was a lecturer (from 2011 to 2015) and a senior lecturer (from 2016 to 2018) with School of Computing and Mathematics, WSU, Australia. From 2018 to 2019, he was a research fellow with Center of Computational Neuroscience and Brain-inspired Intelligence, Zhangjiang National Laboratory, China. From 2019 to 2022, he was a research fellow with Department of Computational Neuroscience and Brain-inspired Intelligence, Shanghai Center for Brain Science and Brain-Inspired Technology, China. He is now a full professor with School of Information Science and Technology, University of Science and Technology of China, China. He has authored or co-authored more than 50 peer-reviewed papers in leading AI journals and conferences, including 6 long articles in one of the most prestigious AI journals — Artificial Intelligence. He has served as the (senior) program committee member of many top-tier AI conferences including IJCAI, AAAI, ECAI, KR, etc. He won the championship of automated math question answering competition at SemEval′19 with colleagues. His research interests include cognitive artificial intelligence, brain-inspired intelligence, AI-based automated math question answering for International Math Olympiad (IMO), and AI solutions for real-life applications.E-mail: yizhoujoey@gmail.com (Corresponding author)ORCID iD: 0000-0003-3932-6422

  • Received Date: 2022-04-09
  • Accepted Date: 2022-09-06
  • Publish Date: 2022-10-01
    Abstract
  • Despite its great success, deep learning severely suffers from robustness; i.e., deep neural networks are very vulnerable to adversarial attacks, even the simplest ones. Inspired by recent advances in brain science, we propose the denoised internal models (DIM), a novel generative autoencoder-based model to tackle this challenge. Simulating the pipeline in the human brain for visual signal processing, DIM adopts a two-stage approach. In the first stage, DIM uses a denoiser to reduce the noise and the dimensions of inputs, reflecting the information pre-processing in the thalamus. Inspired by the sparse coding of memory-related traces in the primary visual cortex, the second stage produces a set of internal models, one for each category. We evaluate DIM over 42 adversarial attacks, showing that DIM effectively defenses against all the attacks and outperforms the SOTA on the overall robustness on the MNIST (Modified National Institute of Standards and Technology) dataset.

     

    • 1 We use foolbox v2.4.0 for the Pointwise attack since it is not available in foolbox v3.2.1.
    †These authors contributed equally to this work.
    FullText(HTML)
  • loading
    • References(81)
  • [1]
    Y. LeCun, B. Boser, J. S. Denker, D. Henderson, R. E. Howard, W. Hubbard, L. D. Jackel. Backpropagation applied to handwritten zip code recognition. Neural Computation, vol. 1, no. 4, pp. 541–551, 1989. DOI: 10.1162/neco.1989.1.4.541.
    [2]
    K. M. He, X. Y. Zhang, S. Q. Ren, J. Sun. Deep residual learning for image recognition. In Proceedings of IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, USA, pp. 770–778, 2016. DOI: 10.1109/CVPR.2016.90.
    [3]
    A. Krizhevsky, I. Sutskever, G. E. Hinton. ImageNet classification with deep convolutional neural networks. In Proceedings of the 25th International Conference on Neural Information Processing Systems, Lake Tahoe, USA, pp. 1097–1105, 2012.
    [4]
    C. Szegedy, V. Vanhoucke, S. Ioffe, J. Shlens, Z. Wojna. Rethinking the inception architecture for computer vision. In Proceedings of IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, USA, pp. 2818–2826, 2016. DOI: 10.1109/CVPR.2016.308.
    [5]
    D. Amodei, S. Ananthanarayanan, R. Anubhai, J. L. Bai, E. Battenberg, C. Case, J. Casper, B. Catanzaro, J. D. Chen, M. Chrzanowski, A. Coates, G. Diamos, E. Elsen, J. H. Engel, L. X. Fan, C. Fougner, A. Y. Hannun, B. Jun, T. Han, P. LeGresley, X. G. Li, L. Lin, S. Narang, A. Y. Ng, S. Ozair, R. Prenger, S. Qian, J. Raiman, S. Satheesh, D. Seetapun, S. Sengupta, C. Wang, Z. Q. Wang, B. Xiao, Y. Xie, D. Yogatama, J. Zhan, Z. Y. Zhu. Deep speech 2: End-to-end speech recognition in English and mandarin. In Proceedings of the 33nd International Conference on Machine Learning, New York, USA, pp. 173–182, 2016.
    [6]
    W. Xiong, J. Droppo, X. Huang, F. Seide, M. Seltzer, A. Stolcke, D. Yu, G. Zweig. Achieving human parity in conversational speech recognition. [Online], Available: https://arxiv.org/abs/1610.05256, 2016.
    [7]
    A. Vaswani, N. Shazeer, N. Parmar, J. Uszkoreit, L. Jones, A. N. Gomez, Ł. Kaiser, I. Polosukhin. Attention is all you need. In Proceedings of the 31st International Conference on Neural Information Processing Systems, Long Beach, USA, pp. 6000–6010, 2017.
    [8]
    J. Devlin, M. W. Chang, K. Lee, K. Toutanova. BERT: Pre-training of deep bidirectional transformers for language understanding. In Proceedings of Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Minneapolis, Minnesota, pp. 4171–4186, 2019. DOI: 10.18653/v1/N19-1423.
    [9]
    Z. L. Yang, Z. H. Dai, Y. M. Yang, J. Carbonell, R. Salakhutdinov, Q. V. Le. XLNet: Generalized autoregressive pretraining for language understanding. In Proceedings of the 33rd International Conference on Neural Information Processing Systems, Vancouver, Canada, Article No. 517, 2019.
    [10]
    J. X. Gu, Z. H. Wang, J. Kuen, L. Y. Ma, A. Shahroudy, B. Shuai, T. Liu, X. X. Wang, G. Wang, J. F. Cai, T. Chen. Recent advances in convolutional neural networks. Pattern Recognition, vol. 77, pp. 354–377, 2018. DOI: 10.1016/j.patcog.2017.10.013.
    [11]
    C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. J. Goodfellow, R. Fergus. Intriguing properties of neural networks. In Proceedings of the 2nd International Conference on Learning Representations, Banff, Canada, 2014.
    [12]
    B. Biggio, I. Corona, D. Maiorca, B. Nelson, N. Šrndić, P. Laskov, G. Giacinto, F. Roli. Evasion attacks against machine learning at test time. In Proceedings of the European Conference on Machine Learning and Knowledge Discovery in Databases, Springer, Prague, Czech Republic, pp. 387–402, 2013. DOI: 10.1007/978-3-642-40994-3_25.
    [13]
    I. J. Goodfellow, J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley, S. Ozair, A. Courville, Y. Bengio. Generative adversarial nets. In Proceedings of the 27th International Conference on Neural Information Processing Systems, Montreal, Canada, vol. 2, pp. 2672–2680, 2014.
    [14]
    B. Biggio, F. Roli. Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognition, vol. 84, pp. 317–331, 2018. DOI: 10.1016/j.patcog.2018.07.023.
    [15]
    I. J. Goodfellow, J. Shlens, C. Szegedy. Explaining and harnessing adversarial examples. In Proceedings of the 3rd International Conference on Learning Representations, San Diego, USA, 2015.
    [16]
    S. M. Moosavi-Dezfooli, A. Fawzi, P. Frossard. DeepFool: A simple and accurate method to fool deep neural networks. In Proceedings of IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, USA, pp. 2574–2582, 2016. DOI: 10.1109/CVPR.2016.282.
    [17]
    A. Athalye, N. Carlini. On the robustness of the CVPR 2018 white-box adversarial example defenses. [Online], Available: https://arxiv.org/abs/1804.03286, 2018.
    [18]
    Y. D. Xu, M. Vaziri-Pashkam. Limits to visual representational correspondence between convolutional neural networks and the human brain. Nature Communications, vol. 12, no. 1, Article number 2065, 2021. DOI: 10.1038/s41467-021-22244-7.
    [19]
    A. Athalye, L. Engstrom, A. Ilyas, K. Kwok. Synthesizing robust adversarial examples. In Proceedings of the 35th International Conference on Machine Learning, Stockholmsmässan, Sweden, vol. 80, pp. 284–293, 2018.
    [20]
    E. Casamassima, A. Herbert, C. Merkel. Exploring CNN features in the context of adversarial robustness and human perception. In Proceedings of SPIE, Applications of Machine Learning, San Diego, USA, vol. 11843, Article number 1184313, 2021. DOI: 10.1117/12.2594363.
    [21]
    Y. J. Huang, S. H. Dai, T. Nguyen, P. L. Bao, D. Y. Tsao, R. G. Baraniuk, A. Anandkumar. Brain-inspired robust vision using convolutional neural networks with feedback. In Proceedings of the 33rd Neural Information Processing Systems, Vancouver, Canada, 2019.
    [22]
    F. Rosenblatt. The perceptron: A probabilistic model for information storage and organization in the brain. Psychological Review, vol. 65, no. 6, pp. 386–408, 1958. DOI: 10.1037/h0042519.
    [23]
    A. F. Agarap. Deep learning using rectified linear units (ReLU), [Online], Available: https://arxiv.org/abs/1803.08375, 2019.
    [24]
    J. L. Elman. Finding structure in time. Cognitive Science, vol. 14, no. 2, pp. 179–211, 1990. DOI: 10.1207/s15516709cog1402_1.
    [25]
    J. Cudeiro, A. M. Sillito. Looking back: Corticothalamic feedback and early visual processing. Trends in Neurosciences, vol. 29, no. 6, pp. 298–306, 2006. DOI: 10.1016/j.tins.2006.05.002.
    [26]
    A. M. Derrington, J. Krauskopf, P. Lennie. Chromatic mechanisms in lateral geniculate nucleus of macaque. Journal of Physiology, vol. 357, pp. 241–265, 1984. DOI: 10.1113/jphysiol.1984.sp015499.
    [27]
    D. H. O'Connor, M. M. Fukui, M. A. Pinsk, S. Kastner. Attention modulates responses in the human lateral geniculate nucleus. Nature Neuroscience, vol. 5, no. 11, pp. 1203–1209, 2002. DOI: 10.1038/nn957.
    [28]
    H. Xie, Y. Liu, Y. Z. Zhu, X. L. Ding, Y. H. Yang, J. S. Guan. In vivo imaging of immediate early gene expression reveals layer-specific memory traces in the mammalian brain. Proceedings of the National Academy of Sciences of the United States of America, vol. 111, no. 7, pp. 2788–2793, 2014. DOI: 10.1073/pnas.1316808111.
    [29]
    S. Tonegawa, X. Liu, S. Ramirez, R. Redondo. Memory engram cells have come of age. Neuron, vol. 87, no. 5, pp. 918–931, 2015. DOI: 10.1016/j.neuron.2015.08.002.
    [30]
    R. Q. Quiroga, L. Reddy, G. Kreiman, C. Koch, I. Fried. Invariant visual representation by single neurons in the human brain. Nature, vol. 435, no. 7045, pp. 1102–1107, 2005. DOI: 10.1038/nature03687.
    [31]
    J. L. McGaugh. Memory–A century of consolidation. Science, vol. 287, no. 5451, pp. 248–251, 2000. DOI: 10.1126/science.287.5451.248.
    [32]
    J. S. Guan, J. Jiang, H. Xie, K. Y. Liu. How does the sparse memory “engram” neurons encode the memory of a spatial–temporal event? Frontiers in Neural Circuits, vol. 10, Article number 61, 2016. DOI: 10.3389/fncir.2016.00061.
    [33]
    X. Liu, S. Ramirez, P. T. Pang, C. B. Puryear, A. Govindarajan, K. Deisseroth, S. Tonegawa. Optogenetic stimulation of a hippocampal engram activates fear memory recall. Nature, vol. 484, no. 7394, pp. 381–385, 2012. DOI: 10.1038/nature11028.
    [34]
    X. Liu, S. Ramirez, S. Tonegawa. Inception of a false memory by optogenetic manipulation of a hippocampal memory engram. Philosophical Transactions of the Royal Society B:Biological Sciences, vol. 369, no. 1633, Article number 20130142, 2014. DOI: 10.1098/rstb.2013.0142.
    [35]
    Y. Lecun, L. Bottou, Y. Bengio, P. Haffner. Gradient-based learning applied to document recognition. Proceedings of IEEE, vol. 86, no. 11, pp. 2278–2324, 1998. DOI: 10.1109/5.726791.
    [36]
    J. Rauber, W. Brendel, M. Bethge. Foolbox: A python toolbox to benchmark the robustness of machine learning models. [Online], Available: https://arxiv.org/abs/1707.04131, 2017.
    [37]
    F. Tramèr, A. Kurakin, N. Papernot, I. J. Goodfellow, D. Boneh, P. D. McDaniel. Ensemble adversarial training: Attacks and defenses. In Proceedings of the 6th International Conference on Learning Representations, Vancouver, Canada, 2018
    [38]
    J. Rony, L. G. Hafemann, L. S. Oliveira, I. B. Ayed, R. Sabourin, E. Granger. Decoupling direction and norm for efficient gradient-based L2 adversarial attacks and defenses. In Proceedings of IEEE/CVF Conference on Computer Vision and Pattern Recognition, IEEE, Long Beach, USA, pp. 4317–4325, 2019. DOI: 10.1109/CVPR.2019.00445.
    [39]
    J. Rauber, M. Bethge. Fast differentiable clipping-aware normalization and rescaling. [Online], Available: https://arxiv.org/abs/2007.07677, 2020.
    [40]
    H. Hosseini, B. C. Xiao, M. Jaiswal, R. Poovendran. On the limitation of convolutional neural networks in recognizing negative images. In Proceedings of the 16th IEEE International Conference on Machine Learning and Applications, Cancun, Mexico, pp. 352–358, 2017. DOI: 10.1109/ICMLA.2017.0-136.
    [41]
    N. Carlini, D. Wagner. Towards evaluating the robustness of neural networks. In Proceedings of IEEE Symposium on Security and Privacy, San Jose, USA, pp. 39–57, 2017. DOI: 10.1109/SP.2017.49.
    [42]
    W. Brendel, J. Rauber, M. Kümmerer, I. Ustyuzhaninov, M. Bethge. Accurate, reliable and fast robustness evaluation. In Proceedings of the 33rd Conference on Neural Information Processing Systems, Vancouver, Canada, Article number 1152, 2019.
    [43]
    W. Brendel, J. Rauber, M. Bethge. Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. In Proceedings of the 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [44]
    L. Schott, J. Rauber, M. Bethge, W. Brendel. Towards the first adversarially robust neural network model on MNIST. In Proceedings of the 7th International Conference on Learning Representations, New Orleans, USA, 2019.
    [45]
    X. W. Yin, S. Kolouri, G. K. Rohde. GAT: Generative adversarial training for adversarial example detection and robust classification. In Proceedings of the 8th International Conference on Learning Representations, Addis Ababa, Ethiopia, 2020.
    [46]
    T. Y. Pang, K. Xu, C. Du, N. Chen, J. Zhu. Improving adversarial robustness via promoting ensemble diversity. In Proceedings of the 36th International Conference on Machine Learning, Long Beach, USA, vol. 97, pp. 4970–4979, 2019.
    [47]
    T. Yu, S. Y. Hu, C. Guo, W. L. Chao, K. Q. Weinberger. A new defense against adversarial images: Turning a weakness into a strength. In Proceedings of the 33rd International Conference on Neural Information Processing Systems, Vancouver, Canada, Article number 146, 2019.
    [48]
    G. Verma, A. Swami. Error correcting output codes improve probability estimation and adversarial robustness of deep neural networks. In Proceedings of the 33rd International Conference on Neural Information Processing Systems, Vancouver, Canada, Article number 776, 2019.
    [49]
    M. Bafna, J. Murtagh, N. Vyas. Thwarting adversarial examples: An L0L0-robust sparse Fourier transform. In Proceedings of the 32nd International Conference on Neural Information Processing Systems, Montreal, Canada, pp. 10096–10106, 2018.
    [50]
    T. Y. Pang, K. Xu, Y. P. Dong, C. Du, N. Chen, J. Zhu. Rethinking softmax cross-entropy loss for adversarial robustness. In Proceedings of the 8th International Conference on Learning Representations, Addis Ababa, Ethiopia, 2020.
    [51]
    A. Kurakin, I. J. Goodfellow, S. Bengio. Adversarial examples in the physical world. Artificial Intelligence Safety and Security, R. V. Yampolskiy, Ed., New York, USA: Chapman and Hall, pp. 99−112, 2018.
    [52]
    A. Madry, A. Makelov, L. Schmidt, D. Tsipras, A. Vladu. Towards deep learning models resistant to adversarial attacks. In Proceedings of the 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [53]
    S. Yun, D. Han, S. Chun, S. J. Oh, Y. Yoo, J. Choe. CutMix: Regularization strategy to train strong classifiers with localizable features. In Proceedings of the IEEE/CVF International Conference on Computer Vision, IEEE, Seoul, Korea, pp. 6022–6031, 2019. DOI: 10.1109/ICCV.2019.00612.
    [54]
    D. Hendrycks, T. G. Dietterich. Benchmarking neural network robustness to common corruptions and perturbations. In Proceedings of the 7th International Conference on Learning Representations, New Orleans, USA, 2019.
    [55]
    Q. Z. Xie, M. T. Luong, E. Hovy, Q. V. Le. Self-training with noisy student improves ImageNet classification. In Proceedings of IEEE/CVF Conference on Computer Vision and Pattern Recognition, IEEE, Seattle, USA, pp. 10684–10695, 2020. DOI: 10.1109/CVPR42600.2020.01070.
    [56]
    P. Vaishnavi, T. Cong, K. Eykholt, A. Prakash, A. Rahmati. Can attention masks improve adversarial robustness? In Proceedings of the 3rd International Workshop on Engineering Dependable and Secure Machine Learning Systems, New York, USA, pp. 14–22, 2020. DOI: 10.1007/978-3-030-62144-5_2.
    [57]
    P. Vincent, H. Larochelle, I. Lajoie, Y. Bengio, P. A. Manzagol. Stacked denoising autoencoders: Learning useful representations in a deep network with a local denoising criterion. Journal of Machine Learning Research, vol. 11, pp. 3371–3408, 2010.
    [58]
    C. Guo, M. Rana, M. Cissé, L. van der Maaten. Countering adversarial images using input transformations. In Proceedings of the 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [59]
    C. H. Xie, J. Y. Wang, Z. S. Zhang, Z. Ren, A. L. Yuille. Mitigating adversarial effects through randomization. In Proceedings of the 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [60]
    X. J. Ma, B. Li, Y. S. Wang, S. M. Erfani, S. N. R. Wijewickrema, G. Schoenebeck, D. Song, M. E. Houle, J. Bailey. Characterizing adversarial subspaces using local intrinsic dimensionality. In Proceedings of the 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [61]
    G. S. Dhillon, K. Azizzadenesheli, Z. C. Lipton, J. Bernstein, J. Kossaifi, A. Khanna, A. Anandkumar. Stochastic activation pruning for robust adversarial defense. In Proceedings of the 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [62]
    J. Buckman, A. Roy, C. Raffel, I. J. Goodfellow. Thermometer encoding: One hot way to resist adversarial examples. In Proceedings of the 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [63]
    N. Papernot, P. McDaniel, I. Goodfellow, S. Jha, Z. B. Celik, A. Swami. Practical black-box attacks against machine learning. In Proceedings of ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates, pp. 506–519, 2017. DOI: 10.1145/3052973.3053009.
    [64]
    A. Athalye, N. Carlini, D. A. Wagner. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. In Proceedings of the 35th International Conference on Machine Learning, Stockholmsmässan, Sweden, vol. 80, pp. 274–283, 2018.
    [65]
    K. Roth, Y. Kilcher, T. Hofmann. The odds are odd: A statistical test for detecting adversarial examples. In Proceedings of the 36th International Conference on Machine Learning, Long Beach, USA, vol. 97, pp. 5498–5507, 2019.
    [66]
    C. Xiao, P. L. Zhong, C. X. Zheng. Enhancing adversarial defense by k-winners-take-all. [Online], Available: https://arxiv.org/abs/1905.10510, 2019.
    [67]
    U. Jang, S. Jha, S. Jha. On the need for topology-aware generative models for manifold-based defenses. In Proceedings of the 8th International Conference on Learning Representations, Addis Ababa, Ethiopia, 2020.
    [68]
    F. Tramèr, N. Carlini, W. Brendel, A. Mądry. On adaptive attacks to adversarial example defenses. In Proceedings of the 34th International Conference on Neural Information Processing Systems, Vancouver, Canada, Article number 138, 2020.
    [69]
    P. Samangouei, M. Kabkab, R. Chellappa. Defense-GAN: Protecting classifiers against adversarial attacks using generative models. In Proceedings of the 6th International Conference on Learning Representations, Vancouver, Canada, 2018.
    [70]
    C. Cintas, S. Speakman, V. Akinwande, W. Ogallo, K. Weldemariam, S. Sridharan, E. McFowland. Detecting adversarial attacks via subset scanning of autoencoder activations and reconstruction error. In Proceedings of the 29th International Joint Conference on Artificial Intelligence, Yokohama, Japan, Article number 122, 2021.
    [71]
    D. Y. Meng, H. Chen. MagNet: A two-pronged defense against adversarial examples. In Proceedings of ACM/SIGSAC Conference on Computer and Communications Security, Dallas, USA, pp. 135–147, 2017. DOI: 10.1145/3133956.3134057.
    [72]
    Y. Z. Li, J. Bradshaw, Y. Sharma. Are generative classifiers more robust to adversarial attacks? In Proceedings of the 36th International Conference on Machine Learning, vol. 97, pp. 3804–3814, 2019.
    [73]
    P. Brodal. The Central Nervous System: Structure and Function, 3rd ed., New York, USA: Oxford University Press, 2004.
    [74]
    B. J. White, S. E. Boehnke, R. A. Marino, L. Itti, D. P. Munoz. Color-related signals in the primate superior colliculus. Journal of Neuroscience, vol. 29, no. 39, pp. 12159–12166, 2009. DOI: 10.1523/JNEUROSCI.1986-09.2009.
    [75]
    H. Markram, E. Muller, S. Ramaswamy, M. W. Reimann, M. Abdellah, C. A. Sanchez, A. Ailamaki, L. Alonso-Nanclares, N. Antille, S. Arsever, G. A. A. Kahou, T. K. Berger, A. Bilgili, N. Buncic, A. Chalimourda, G. Chindemi, J. D. Courcol, F. Delalondre, V. Delattre, S. Druckmann, R. Dumusc, J. Dynes, S. Eilemann, E. Gal, M. E. Gevaert, J. P. Ghobril, A. Gidon, J. W. Graham, A. Gupta, V. Haenel, E. Hay, T. Heinis, J. B. Hernando, M. Hines, L. Kanari, D. Keller, J. Kenyon, G. Khazen, Y. Kim, J. G. King, Z. Kisvarday, P. Kumbhar, S. Lasserre, J. V. Le Bé, B. R. C. Magalhães, A. Merchán-Pérez, J. Meystre, B. R. Morrice, J. Muller, A. Muñoz-Céspedes, S. Muralidhar, K. Muthurasa, D. Nachbaur, T. H. Newton, M. Nolte, A. Ovcharenko, J. Palacios, L. Pastor, R. Perin, R. Ranjan, I. Riachi, J. R. Rodríguez, J. L. Riquelme, C. Rössert, K. Sfyrakis, Y. Shi, J. C. Shillcock, G. Silberberg, R. Silva, F. Tauheed, M. Telefont, M. Toledo-Rodriguez, T. Tränkler, W. Van Geit, J. V. Díaz, R. Walker, Y. Wang, S. M. Zaninetta, J. DeFelipe, S. L. Hill, I. Segev, F. Schürmann. Reconstruction and simulation of neocortical microcircuitry. Cell, vol. 163, no. 2, pp. 456–492, 2015. DOI: 10.1016/j.cell.2015.09.029.
    [76]
    Y. Z. Yang, G. Zhang, Z. Xu, D. Katabi. Me-Net: Towards effective adversarial robustness with matrix estimation. In Proceedings of the 36th International Conference on Machine Learning, Long Beach, USA, vol. 97, pp. 7025–7034, 2019.
    [77]
    E. J. Candès, B. Recht. Exact matrix completion via convex optimization. Foundations of Computational Mathematics, vol. 9, no. 6, pp. 717–772, 2009. DOI: 10.1007/s10208-009-9045-5.
    [78]
    S. Chatterjee. Matrix estimation by universal singular value thresholding. The Annals of Statistics, vol. 43, no. 1, pp. 177–214, 2015. DOI: 10.1214/14-aos1272.
    [79]
    Y. D. Chen, Y. J. Chi. Harnessing structures in big data via guaranteed low-rank matrix estimation: Recent theory and fast algorithms via convex and nonconvex optimization. IEEE Signal Processing Magazine, vol. 35, no. 4, pp. 14–31, 2018. DOI: 10.1109/MSP.2018.2821706.
    [80]
    A. Kurakin, I. J. Goodfellow, S. Bengio. Adversarial examples in the physical world. In Proceedings of the 5th International Conference on Learning Representations, Toulon, France, 2017.
    [81]
    L. J. P. van der Maaten, G. E. Hinton. Visualizing high-dimensional data using t-SNE. Journal of Machine Learning Research, vol. 9, no. 27, pp. 2579–2605, 2008.
    • Relative Articles
    • Supplements(0)
    • Cited By
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(5)  / Tables(4)

    Get Citation
    PDF
    XML
    Entire Issue PDF

    用微信扫码二维码

    分享至好友和朋友圈

    Article Metrics

    Article views (1129) PDF downloads(54) Cited by()
    Proportional views
    Related
    Browse MIR
    Published Online Current Issue Special Issue Archive Selected Papers
    About MIR
    Aims and Scopes Index information Editorial Board Contact Us Springer Page

    For Authors
    Guide for Authors Submission Template Copyright Agreement
    For Referees
    Guide for Referees Referees Acknowledgement

    MIR Event
    MIR News MIR Awards
    WeChat: 机器智能研究MIR
    Twitter: MIR_Journal

    © Institute of Automation, Chinese Academy of Sciences. Published by Springer Nature and Science Press. All rights reserved. 京ICP备14019135号-25

    Supported by Beijing Renhe Information Technology Co. Ltd  support: info@rhhz.net  

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return