论文信息 - Using Capsule Networks with Thermometer Encoding to Defend Against Adversarial Attacks

Using Capsule Networks with Thermometer Encoding to Defend Against Adversarial Attacks

Adversarial attacks have been shown to construct examples that drastically reduce the performance of classification models. One recently proposed defense against adversarial attacks is to discretize the input in a method called thermometer encoding. We apply thermometer encoding to capsule networks, a recently proposed computer vision architecture that has also demonstrated state-ofthe-art resistance to adversarial attacks. The capsule network with thermometer encoding outperforms our baseline CNN and vanilla capsule network when trained adversarially, and performs comparably to a CNN with thermometer encoding. The gains by applying thermometer encoding to capsule networks may improve adversarial resistance on more complex tasks where capsule networks have already demonstrated state-of-theart resistance.

[1] Jonathon Shlens,et al. Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[2] Aleksander Madry,et al. Towards Deep Learning Models Resistant to Adversarial Attacks , 2017, ICLR.

[3] Samy Bengio,et al. Adversarial examples in the physical world , 2016, ICLR.

[4] Martín Abadi,et al. TensorFlow: Large-Scale Machine Learning on Heterogeneous Distributed Systems , 2016, ArXiv.

[5] Y. LeCun,et al. Learning methods for generic object recognition with invariance to pose and lighting , 2004, Proceedings of the 2004 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2004. CVPR 2004..

[6] Dale Schuurmans,et al. Learning with a Strong Adversary , 2015, ArXiv.

[7] Joan Bruna,et al. Intriguing properties of neural networks , 2013, ICLR.

[8] Yoshua Bengio,et al. Gradient-based learning applied to document recognition , 1998, Proc. IEEE.