CONFERENCE PROCEEDINGS
Advanced Search
Home > Proceedings > Volume 12707 > Article
Paper
8 June 2023 Understanding adversarial robustness on the hypersphere
Zitian Zhao
Author Affiliations +
Proceedings Volume 12707, International Conference on Image, Signal Processing, and Pattern Recognition (ISPP 2023); 127072F (2023) https://doi.org/10.1117/12.2681304
Event: International Conference on Image, Signal Processing, and Pattern Recognition (ISPP 2023), 2023, Changsha, China
Abstract
Adversarial examples have raised public concern about the robustness of deep neural networks (DNNs). One universal approach to enhance the robustness is adversarial training which essentially augments the training data. However, adversarial training succeeded only to a very limited extent. This limited progress is partly due to the lack of interpretation and understanding of the robustness of DNNs. In this context, we try to explain the adversarial robustness by embedding the sample points onto a hypersphere, which naturally provides an interpretable metric for the distance between sample points. Different from the empirical intuition, it is observed that adversarial trained models show complex patterns when facing different datasets and training configurations. Observations and explanations about robustness and model behavior are made from the aspect of the distances between samples points. Lastly, we discuss the degradation of standard accuracy in the adversarial trained models and provide possible solutions.
© (2023) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Citation Download Citation
Zitian Zhao "Understanding adversarial robustness on the hypersphere", Proc. SPIE 12707, International Conference on Image, Signal Processing, and Pattern Recognition (ISPP 2023), 127072F (8 June 2023); https://doi.org/10.1117/12.2681304
ACCESS THE FULL ARTICLE
ORGANIZATIONAL
Sign in with credentials provided by your organization.
INSTITUTIONAL
Select your institution to access the SPIE Digital Library.
SELECT YOUR INSTITUTION
PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
PERSONAL SIGN IN
No SPIE Account? Create one
PURCHASE THIS CONTENT
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 8 PAGES
DOWNLOAD PAPER SAVE TO MY LIBRARY
GET CITATION
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Adversarial training
Data modeling
Feature extraction
Statistical modeling
Convolution
Distance measurement
Neural networks
RELATED CONTENT
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top