An Effective Fusion Method to Enhance the Robustness of CNN
Yating Ma, Zhichao Lian
TL;DR
This paper introduces a novel fusion technique combining denoising and attention modules in CNNs, specifically ResNet18, to significantly improve robustness against adversarial attacks like FGSM and PGD.
Contribution
It proposes a new fusion method that strategically integrates modules to enhance CNN robustness, addressing limitations of previous approaches.
Findings
Outperforms state-of-the-art methods on CIFAR10
Effective against FGSM and PGD attacks
Improves model robustness with a dot product-based fusion
Abstract
With the development of technology rapidly, applications of convolutional neural networks have improved the convenience of our life. However, in image classification field, it has been found that when some perturbations are added to images, the CNN would misclassify it. Thus various defense methods have been proposed. The previous approach only considered how to incorporate modules in the network to improve robustness, but did not focus on the way the modules were incorporated. In this paper, we design a new fusion method to enhance the robustness of CNN. We use a dot product-based approach to add the denoising module to ResNet18 and the attention mechanism to further improve the robustness of the model. The experimental results on CIFAR10 have shown that our method is effective and better than the state-of-the-art methods under the attack of FGSM and PGD.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Brain Tumor Detection and Classification