Boosting adversarial training in safety-critical systems through boundary data selection


Bibliographic Details
Main Authors: JIA, Yifan, POSKITT, Christopher M., ZHANG, Peixin, WANG, Jingyi, SUN, Jun, CHATTOPADHYAY, Sudipta
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2023
Subjects: Data selection; AI-enabled industrial systems; trustworthy systems; adversarial training; Databases and Information Systems; Software Engineering
Online Access: https://ink.library.smu.edu.sg/sis_research/8303
https://ink.library.smu.edu.sg/context/sis_research/article/9306/viewcontent/rast_ral24.pdf
Institution: Singapore Management University
Abstract: AI-enabled collaborative robots are designed to be used in close collaboration with humans, thus requiring stringent safety standards and quick response times. Adversarial attacks pose a significant threat to the deep learning models of these systems, making it crucial to develop methods to improve the models' robustness against them. Adversarial training is one approach to improve their robustness: it works by augmenting the training data with adversarial examples. This, unfortunately, comes with the cost of increased computational overhead and extended training times. In this work, we balance the need for additional adversarial data with the goal of minimizing the training costs by selecting the most ‘valuable’ data for adversarial training. In particular, we propose a robustness-oriented boundary data selection method, RAST-AT, which stands for robust and fast adversarial training. RAST-AT selects training data near to the boundary by considering adversarial perturbations. Our method improves the speed of model training on CIFAR-10 by 68.67%, and compared to other data selection methods, has 10% higher accuracy with 10% training data selected, and 7% higher robustness with 4% training data selected. Our method also significantly improves efficiency by at least 25% in adversarial training, with the same performance. Finally, we evaluate our method on a cobot system, generating adversarial patches as attacks, and adopting RAST-AT as the defense. We find that RAST-AT can defend against 60% of untargeted attacks and 20% of targeted attacks. Our work highlights the benefits of developing effective defenses against adversarial attacks to ensure the security and reliability of AI-powered safety-critical systems.
Date: 2023-10-01
DOI: 10.1109/LRA.2023.3327934
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Collection: Research Collection School Of Computing and Information Systems, Institutional Knowledge at Singapore Management University