Adversarial learning for coordinate regression through k-layer penetrating representation
Adversarial attack is a crucial step when evaluating the reliability and robustness of deep neural networks (DNNs) models. Most existing attack approaches apply an end-to-end gradient update strategy to generate adversarial examples for a classification or regression problem. However, few of them co...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2024
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/8737 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-9740 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-97402024-04-18T07:06:04Z Adversarial learning for coordinate regression through k-layer penetrating representation JIANG, Mengxi SUI, Yulei LEI, Yunqi. XIE, Xiaofei LI, Cuihua LIU, Yang TSANG, Ivor W. Adversarial attack is a crucial step when evaluating the reliability and robustness of deep neural networks (DNNs) models. Most existing attack approaches apply an end-to-end gradient update strategy to generate adversarial examples for a classification or regression problem. However, few of them consider the non-differentiable DNN models (e.g., coordinate regression model) that prevent end-to-end backpropagation resulting in the failure of gradient calculation. In this paper, we present a new adversarial example generation approach for both untargeted and targeted attacks on coordinate regression models with non-differentiable operations. The novelty of our approach lies in a k-layer penetrating representation, on which we perturb the hidden feature distribution of the k-th layer through relational guidance to influence the final output, in which end-to-end backpropagation is not required. Rather than modifying a large portion of the pixels in an image, the proposed approach only modifies a very small set of the input pixels. These pixels are carefully and precisely selected by three correlations between the input pixels and hidden features of the k-th layer of a DNN, thus significantly reducing the adversarial perturbation on a clean image. We successfully apply the proposed approach to two different tasks (i.e., 2D and 3D human pose estimation) which are typical applications of the coordinate regression learning. The comprehensive experiments demonstrate that our approach achieves better performance while using much less adversarial perturbation on clean images. 2024-03-01T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/8737 info:doi/10.1109/TDSC.2024.3376437 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Artificial neural networks Backpropagation Computational modeling Numerical models Perturbation methods Robustness Task analysis Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Artificial neural networks Backpropagation Computational modeling Numerical models Perturbation methods Robustness Task analysis Information Security |
| spellingShingle |
Artificial neural networks Backpropagation Computational modeling Numerical models Perturbation methods Robustness Task analysis Information Security JIANG, Mengxi SUI, Yulei LEI, Yunqi. XIE, Xiaofei LI, Cuihua LIU, Yang TSANG, Ivor W. Adversarial learning for coordinate regression through k-layer penetrating representation |
| description |
Adversarial attack is a crucial step when evaluating the reliability and robustness of deep neural networks (DNNs) models. Most existing attack approaches apply an end-to-end gradient update strategy to generate adversarial examples for a classification or regression problem. However, few of them consider the non-differentiable DNN models (e.g., coordinate regression model) that prevent end-to-end backpropagation resulting in the failure of gradient calculation. In this paper, we present a new adversarial example generation approach for both untargeted and targeted attacks on coordinate regression models with non-differentiable operations. The novelty of our approach lies in a k-layer penetrating representation, on which we perturb the hidden feature distribution of the k-th layer through relational guidance to influence the final output, in which end-to-end backpropagation is not required. Rather than modifying a large portion of the pixels in an image, the proposed approach only modifies a very small set of the input pixels. These pixels are carefully and precisely selected by three correlations between the input pixels and hidden features of the k-th layer of a DNN, thus significantly reducing the adversarial perturbation on a clean image. We successfully apply the proposed approach to two different tasks (i.e., 2D and 3D human pose estimation) which are typical applications of the coordinate regression learning. The comprehensive experiments demonstrate that our approach achieves better performance while using much less adversarial perturbation on clean images. |
| format |
text |
| author |
JIANG, Mengxi SUI, Yulei LEI, Yunqi. XIE, Xiaofei LI, Cuihua LIU, Yang TSANG, Ivor W. |
| author_facet |
JIANG, Mengxi SUI, Yulei LEI, Yunqi. XIE, Xiaofei LI, Cuihua LIU, Yang TSANG, Ivor W. |
| author_sort |
JIANG, Mengxi |
| title |
Adversarial learning for coordinate regression through k-layer penetrating representation |
| title_short |
Adversarial learning for coordinate regression through k-layer penetrating representation |
| title_full |
Adversarial learning for coordinate regression through k-layer penetrating representation |
| title_fullStr |
Adversarial learning for coordinate regression through k-layer penetrating representation |
| title_full_unstemmed |
Adversarial learning for coordinate regression through k-layer penetrating representation |
| title_sort |
adversarial learning for coordinate regression through k-layer penetrating representation |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2024 |
| url |
https://ink.library.smu.edu.sg/sis_research/8737 |
| _version_ |
1814047498050732032 |