Adversarial Samples Generation Based on RMSProp
3
Citation
10
Reference
10
Related Paper
Citation Trend
Abstract:
Adversarial sample attacks seriously threaten the security and robustness of deep learning models. There are three problems in state-of-the-art adversarial sample generation schemes: the gradient update step size needs to be manually selected, inaccurate gradient update direction and uncontrollable times of iterations. In order to solve these problems, Root Mean Square Prop optimization algorithm (RMSProp) is proposed, which is integrated with IFGSM and IFGM. This algorithm can be easily extended to other attacks, and to a certain extent it can alleviate the trade-off between white box attacks and deliverability. The algorithm proposed in this paper can generate non-targeted adversarial samples more efficiently and quickly. Experiments show that it can generate effective and robust adversarial samples against current mainstream convolutional neural network (CNN).Keywords:
Robustness
Sample (material)
Although convolutional neural networks (CNNs) provide a promising model for understanding human vision, most CNNs lack robustness to challenging viewing conditions, such as image blur, whereas human vision is much more reliable. Might robustness to blur be attributable to vision during infancy, given that acuity is initially poor but improves considerably over the first several months of life? Here, we evaluated the potential consequences of such early experiences by training CNN models on face and object recognition tasks while gradually reducing the amount of blur applied to the training images. For CNNs trained on blurry to clear faces, we observed sustained robustness to blur, consistent with a recent report by Vogelsang and colleagues (2018). By contrast, CNNs trained with blurry to clear objects failed to retain robustness to blur. Further analyses revealed that the spatial frequency tuning of the two CNNs was profoundly different. The blurry to clear face-trained network successfully retained a preference for low spatial frequencies, whereas the blurry to clear object-trained CNN exhibited a progressive shift toward higher spatial frequencies. Our findings provide novel computational evidence showing how face recognition, unlike object recognition, allows for more holistic processing. Moreover, our results suggest that blurry vision during infancy is insufficient to account for the robustness of adult vision to blurry objects.
Robustness
Cite
Citations (13)
Evasion (ethics)
Robustness
Cite
Citations (86)
Unconstrained Face Verification is still an important problem worth researching. The major challenges such as illumination, pose, occlusion and expression can produce more complex variations in both shape and texture of the face. In this paper, we propose a method based on Monogenic Binary Pattern and Convolutional Neural Network (MBP-CNN) to improve the performance of face recognition system. For each facial image, the proposed method firstly extracts local features using Monogenic Binary Pattern (MBP) which is an excellent and powerful local descriptor compared to the well-recognized Gabor filtering-based LBP models. Then, we use Convolutional Neural Networks which is one of the best representative network architectures of deep learning in the literature, in order to extract more deep features. Thus, the developed MBP-CNN has robustness to variations of illumination, occlusion, pose, expression, texture and shape by combining Monogenic Binary Pattern and convolutional neural network. Moreover, MBP-CNN was more accurately represented by combining global and local information of facial images. Experiments demonstrate that our method provided competitive performance on the LFW database, compared to the others described in the state-of-the-art.
Local Binary Patterns
Robustness
Cite
Citations (5)
In this work, we compare the performance of three local-feature-based texture classifiers and a Convolutional Neural Network (CNN) at face recognition with sparse training data. The texture-based classifiers use Histogram of Oriented Gradients (HOG), Local Binary Patterns (LBP), and Scale Invariant Feature Transform (SIFT), respectively. The CNN uses six convolutional layers, two pooling layers, two fully connected layers, and outputs a softmax probability distribution over the classes. The dataset contains 100 classes with five samples each, and is partitioned so there is only one training sample per class. Under these conditions, we find that all three feature-based approaches significantly outperform the CNN, with the HOG-based approach showing especially strong performance.
Softmax function
Local Binary Patterns
Pooling
Scale-invariant feature transform
Discriminative model
Feature (linguistics)
Cite
Citations (2)
As machine and deep learning models are increasingly leveraged in predictive process monitoring, the focus has shifted towards making these models explainable. The successful adoption of a model is dependent on whether decision-makers can trust the predictions and explanations made. However, recent studies have shown that deep learning models are vulnerable to adversarial attacks -small perturbations to the inputs-which trick deep learning algorithms into making incorrect predictions. An additional crucial property is that the explanations are robust against these adversarial attacks when the model decision was not affected. Therefore, this paper introduces a robustness assessment framework by investigating the impact of adversarial attacks on the robustness of predictive accuracy and explanations used in the field of predictive process monitoring. First, adversarial examples of cases in the independent test set are generated to examine the robustness of the predictive model against intentionally manipulated data. Next, the predictive models are compared with similar models trained on data imputed with adversarial attacks. We monitor the impact on predictive performance in terms of AUC at different stages of the case execution. Finally, the robustness of the explanations is calculated as the distance between the original explanations and the explanations extracted from the model trained on attacked data. We test multiple machine and deep learning techniques, namely the transparent logistic regression, random forests with Shapley values, and LSTM neural networks with attention. Results show that especially neural networks suffer from adversarial attacks, and the former two are mostly robust in terms of both predictive accuracy and explanations.
Robustness
Deep Neural Networks
Cite
Citations (3)
Malaria is a deadly disease which claims the lives of hundreds of thousands of people every year. Computational methods have been proven to be useful in the medical industry by providing effective means of classification of diagnostic imaging and disease identification. This paper examines different machine learning methods in the context of classifying the presence of malaria in cell images. Numerous machine learning methods can be applied to the same problem; the question of whether one machine learning method is better suited to a problem relies heavily on the problem itself and the implementation of a model. In particular, convolutional neural networks and k nearest neighbours are both analyzed and contrasted in regards to their application to classifying the presence of malaria and each models empirical performance. Here, we implement two models of classification; a convolutional neural network, and the k nearest neighbours algorithm. These two algorithms are compared based on validation accuracy. For our implementation, CNN (95%) performed 25% better than kNN (75%).
Identification
Cite
Citations (3)
Feature extraction is one of the most important phases of medical image classification which requires extensive domain knowledge. Convolutional Neural Networks (CNN) have been successfully used for feature extraction in images from different domains involving a lot of classes. In this paper, CNNs are exploited to extract a hierarchical and discriminative representation of X-ray images. This representation is then used for classification of the X-ray images as various parts of the body. Visualization of the feature maps in the hidden layers show that features learnt by the CNN resemble the essential features which help discern the discrimination among different body parts. A comparison on the standard IRMA X-ray image dataset demonstrates that the CNNs easily outperform classifiers with hand-engineered features.
Discriminative model
Feature (linguistics)
Contextual image classification
Representation
Cite
Citations (41)
In this work, a new multitask convolutional neural network (CNN) is proposed aiming for the recognition of face under pose variations. Furthermore, the combination of pose estimation for each corresponding pose in a separate fashion allows robust face recognition in presence of various facial expressions as well as low illuminations. First, a CNN model for pose estimation is proposed. The pose estimation model is trained using a self-collected dataset built from three popular datasets including FLW, CEP, and CASIA-WebFace using three categories of face image capture such as Left side, Frontal and right side. Experimental evaluation has been conducted using two datasets: Pointing'04 and Schneiderman. Results reveal the robustness of the proposed pose estimation model. Moreover, the proposed face pose estimation is applied on three datasets to widen the dataset and make it bigger for training and testing deep learning models.
Robustness
Active appearance model
Cite
Citations (19)
Malaria is a deadly disease which claims the lives of hundreds of thousands of people every year. Computational methods have been proven to be useful in the medical industry by providing effective means of classification of diagnostic imaging and disease identification. This paper examines different machine learning methods in the context of classifying the presence of malaria in cell images. Numerous machine learning methods can be applied to the same problem; the question of whether one machine learning method is better suited to a problem relies heavily on the problem itself and the implementation of a model. In particular, convolutional neural networks and k nearest neighbours are both analyzed and contrasted in regards to their application to classifying the presence of malaria and each models empirical performance. Here, we implement two models of classification; a convolutional neural network, and the k nearest neighbours algorithm. These two algorithms are compared based on validation accuracy. For our implementation, CNN (95%) performed 25% better than kNN (75%).
Identification
Cite
Citations (0)
Feature (linguistics)
Identification
Contextual image classification
Cite
Citations (9)