Authors: Chee-Hung Chu, Jeevithan Alagurajah
Keywords: Vision transformers, adversarial training, adversarial defense, image classification
Abstract:
The development of trustworthy and secure AI applications is a fundamental step towards building AI systems that can reliably operate in the real world, where they may face malicious attempts to manipulate them. Deep neural networks, despite their impressive image classification accuracy, are vulnerable to adversarial attacks: small, imperceptible input perturbations that cause their performance to plummet. Existing defenses often struggle when attackers have full knowledge of the model (white-box attacks) and can craft even stronger perturbations. To address this, the Adversarial Invariant and Co-Variance Restriction (AICR) loss function was recently proposed. The AICR loss forces clean and noisy images from the same class to produce similar activation patterns in convolutional neural networks, essentially making them harder for attackers to differentiate. Given the superior performance of Vision Transformers (ViTs) in image classification, we adapted the AICR loss to train ViTs and investigated its effectiveness against gradient-based attacks. Our experiments show that ViTs trained with the AICR loss achieve significantly higher accuracy under attack than those trained with the standard cross-entropy loss, demonstrating the effectiveness of AICR in enhancing the resilience of ViTs against adversarial attacks.
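The abstract does not give the exact AICR formulation, so the following PyTorch sketch is only a rough illustration of the general idea it describes: generate perturbed images with a gradient-based attack and add a penalty that pulls clean and perturbed activations of the same class together. The function names, the single-step FGSM attack, the MSE penalty, and the `lambda_inv` weight are assumptions made for illustration, not the authors' method.

```python
# Illustrative sketch only -- not the AICR implementation from the paper.
import torch
import torch.nn.functional as F


def fgsm_perturb(model, images, labels, epsilon=8 / 255):
    """One-step gradient-based (FGSM) perturbation of an input batch."""
    images = images.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(images), labels)
    grad = torch.autograd.grad(loss, images)[0]
    return (images + epsilon * grad.sign()).clamp(0, 1).detach()


def invariance_penalized_loss(logits_clean, logits_adv,
                              feats_clean, feats_adv,
                              labels, lambda_inv=1.0):
    """Cross-entropy on clean and perturbed logits plus an invariance term
    that penalizes differences between their feature activations (e.g., the
    ViT [CLS] embeddings), so clean and attacked images of the same class
    become hard to tell apart."""
    ce = F.cross_entropy(logits_clean, labels) + F.cross_entropy(logits_adv, labels)
    inv = F.mse_loss(feats_adv, feats_clean)
    return ce + lambda_inv * inv
```

In a training loop, the clean batch and its FGSM-perturbed copy would be passed through the same ViT to obtain the logits and feature activations, and the combined loss above would be optimized in place of plain cross-entropy.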
Pages: 6 to 11
Copyright: Copyright (c) IARIA, 2024
Publication date: April 14, 2024
Published in: COGNITIVE 2024, The Sixteenth International Conference on Advanced Cognitive Technologies and Applications
ISSN: 2308-4197
ISBN: 978-1-68558-157-2
Location: Venice, Italy
Dates: from April 14, 2024 to April 18, 2024