Loading [MathJax]/extensions/MathZoom.js
Training Robust Deep Neural Networks via Adversarial Noise Propagation | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE Transactions on Image Pr... >Volume: 30

Training Robust Deep Neural Networks via Adversarial Noise Propagation

PDF
Aishan Liu; Xianglong Liu; Hang Yu; Chongzhi Zhang; Qiang Liu; Dacheng Tao
All Authors

Abstract:

In practice, deep neural networks have been found to be vulnerable to various types of noise, such as adversarial examples and corruption. Various adversarial defense met...Show More

Metadata

Abstract:

In practice, deep neural networks have been found to be vulnerable to various types of noise, such as adversarial examples and corruption. Various adversarial defense methods have accordingly been developed to improve adversarial robustness for deep models. However, simply training on data mixed with adversarial examples, most of these models still fail to defend against the generalized types of noise. Motivated by the fact that hidden layers play a highly important role in maintaining a robust model, this paper proposes a simple yet powerful training algorithm, named Adversarial Noise Propagation (ANP), which injects noise into the hidden layers in a layer-wise manner. ANP can be implemented efficiently by exploiting the nature of the backward-forward training style. Through thorough investigations, we determine that different hidden layers make different contributions to model robustness and clean accuracy, while shallow layers are comparatively more critical than deep layers. Moreover, our framework can be easily combined with other adversarial training methods to further improve model robustness by exploiting the potential of hidden layers. Extensive experiments on MNIST, CIFAR-10, CIFAR-10-C, CIFAR-10-P, and ImageNet demonstrate that ANP enables the strong robustness for deep models against both adversarial and corrupted ones, and also significantly outperforms various adversarial defense methods.
Published in: IEEE Transactions on Image Processing ( Volume: 30)
Page(s): 5769 - 5781
Date of Publication: 23 June 2021

ISSN Information:

PubMed ID: 34161231
DOI: 10.1109/TIP.2021.3082317
No metrics found for this document.
Contents

I. Introduction

Recent advances in deep learning have achieved remarkable successes in various challenging tasks, including computer vision [1]–[3], natural language processing [4], [5] and speech [6], [7]. In practice, deep learning has been routinely applied on large-scale datasets containing data collected from daily life, which inevitably contain large amounts of noise including adversarial examples and corruption [8], [9]. Unfortunately, while such noise is imperceptible to human beings, it is highly misleading to deep neural networks, which presents potential security threats for practical machine learning applications in both the digital and physical world [10]–[14].

Usage
Select a Year
2025

View as

Total usage sinceJun 2021:1,369
0102030405060JanFebMarAprMayJunJulAugSepOctNovDec345134000000000
Year Total:119
Data is updated monthly. Usage includes PDF downloads and HTML views.
Citations
53
Crossref®
Search for
Citations in
Google Scholar®

Contact IEEE to Subscribe
More Like This
Research on the Application of Visualization Methods in the Training Process of Neural Networks

2024 4th International Symposium on AI (ISAI)

Published: 2024

Improving the Adversarial Robustness of Deep Neural Networks via Efficient Two-Stage Training

2023 International Conference on Machine Learning and Cybernetics (ICMLC)

Published: 2023

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.