Error-correcting output codes with ensemble diversity for robust learning in neural networks
Though deep learning has been applied successfully in many scenarios, malicious inputs with human-imperceptible perturbations can make it vulnerable in real applications. This paper proposes an error-correcting neural network (ECNN) that combines a set of binary classifiers to combat adversarial exam...
Saved in:
| Main Authors: | , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/147336 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-147336 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1473362022-07-22T06:36:54Z Error-correcting output codes with ensemble diversity for robust learning in neural networks Song, Yang Kang, Qiyu Tay, Wee Peng School of Electrical and Electronic Engineering The Thirty-Fifth AAAI Conference on Artificial Intelligence (AAAI-21) Continental-NTU Corporate Lab Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Deep Learning Neural Networks Though deep learning has been applied successfully in many scenarios, malicious inputs with human-imperceptible perturbations can make it vulnerable in real applications. This paper proposes an error-correcting neural network (ECNN) that combines a set of binary classifiers to combat adversarial examples in the multi-class classification problem. To build an ECNN, we propose to design a code matrix so that the minimum Hamming distance between any two rows (i.e., two codewords) and the minimum shared information distance between any two columns (i.e., two partitions of class labels) are simultaneously maximized. Maximizing row distances can increase the system fault tolerance while maximizing column distances helps increase the diversity between binary classifiers. We propose an end-to-end training method for our ECNN, which allows further improvement of the diversity between binary classifiers. The end-to-end training renders our proposed ECNN different from the traditional error-correcting output code (ECOC) based methods that train binary classifiers independently. ECNN is complementary to other existing defense approaches such as adversarial training and can be applied in conjunction with them. We empirically demonstrate that our proposed ECNN is effective against the state-of-the-art white-box and black-box attacks on several datasets while maintaining good classification accuracy on normal examples. Agency for Science, Technology and Research (A*STAR) This research is supported in part by A*STAR under its RIE2020 Advanced Manufacturing and Engineering (AME) Industry Alignment Fund – Pre Positioning (IAF-PP) (Grant No. A19D6a0053) and Industry Alignment Fund (LOA Award I1901E0046). The computational work for this article was partially performed on resources of the National Supercomputing Centre, Singapore (https://www.nscc.sg). 2021-04-06T05:38:44Z 2021-04-06T05:38:44Z 2021 Conference Paper Song, Y., Kang, Q. & Tay, W. P. (2021). Error-correcting output codes with ensemble diversity for robust learning in neural networks. The Thirty-Fifth AAAI Conference on Artificial Intelligence (AAAI-21). https://hdl.handle.net/10356/147336 en A19D6a0053 Award I1901E0046 © 2021 Association for the Advancement of Artificial Intelligence (AAAI). All rights reserved. This paper was published in The Thirty-Fifth AAAI Conference on Artificial Intelligence (AAAI-21) and is made available with permission of Association for the Advancement of Artificial Intelligence (AAAI). application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Deep Learning Neural Networks |
| spellingShingle |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Deep Learning Neural Networks Song, Yang Kang, Qiyu Tay, Wee Peng Error-correcting output codes with ensemble diversity for robust learning in neural networks |
| description |
Though deep learning has been applied successfully in many scenarios, malicious inputs with human-imperceptible perturbations can make it vulnerable in real applications. This paper proposes an error-correcting neural network (ECNN) that combines a set of binary classifiers to combat adversarial examples in the multi-class classification problem. To build an ECNN, we propose to design a code matrix so that the minimum Hamming distance between any two rows (i.e., two codewords) and the minimum shared information distance between any two columns (i.e., two partitions of class labels) are simultaneously maximized. Maximizing row distances can increase the system fault tolerance while maximizing column distances helps increase the diversity between binary classifiers. We propose an end-to-end training method for our ECNN, which allows further improvement of the diversity between binary classifiers. The end-to-end training renders our proposed ECNN different from the traditional error-correcting output code (ECOC) based methods that train binary classifiers independently. ECNN is complementary to other existing defense approaches such as adversarial training and can be applied in conjunction with them. We empirically demonstrate that our proposed ECNN is effective against the state-of-the-art white-box and black-box attacks on several datasets while maintaining good classification accuracy on normal examples. |
| author2 |
School of Electrical and Electronic Engineering |
| author_facet |
School of Electrical and Electronic Engineering Song, Yang Kang, Qiyu Tay, Wee Peng |
| format |
Conference or Workshop Item |
| author |
Song, Yang Kang, Qiyu Tay, Wee Peng |
| author_sort |
Song, Yang |
| title |
Error-correcting output codes with ensemble diversity for robust learning in neural networks |
| title_short |
Error-correcting output codes with ensemble diversity for robust learning in neural networks |
| title_full |
Error-correcting output codes with ensemble diversity for robust learning in neural networks |
| title_fullStr |
Error-correcting output codes with ensemble diversity for robust learning in neural networks |
| title_full_unstemmed |
Error-correcting output codes with ensemble diversity for robust learning in neural networks |
| title_sort |
error-correcting output codes with ensemble diversity for robust learning in neural networks |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/147336 |
| _version_ |
1739837361333731328 |